07-16-2008, 09:46 AM

Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2008:0544-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0544.html
Issue date: 2008-07-16
CVE Names: CVE-2008-2051 CVE-2007-5898 CVE-2007-5899
           CVE-2007-4782 CVE-2008-2107 CVE-2008-2108
=====================================================================

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 3 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

It was discovered that the PHP escapeshellcmd() function did not properly
escape multi-byte characters which are not valid in the locale used by the
script. This could allow an attacker to bypass quoting restrictions imposed
by escapeshellcmd() and execute arbitrary commands if the PHP script was
using certain locales. Scripts using the default UTF-8 locale are not
affected by this issue. (CVE-2008-2051)

The PHP functions htmlentities() and htmlspecialchars() did not properly
recognize partial multi-byte sequences. Certain sequences of bytes could be
passed through these functions without being correctly HTML-escaped.
Depending on the browser being used, an attacker could use this flaw to
conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or
which used the output_add_rewrite_var() function, could leak session
identifiers to external web sites. If a page included an HTML form with an
ACTION attribute referencing a non-local URL, the user's session ID would
be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that the PHP fnmatch() function did not restrict the length
of the string argument. An attacker could use this flaw to crash the PHP
interpreter where a script used fnmatch() on untrusted input data.
(CVE-2007-4782)

It was discovered that PHP did not properly seed its pseudo-random number
generator used by functions such as rand() and mt_rand(), possibly allowing
an attacker to easily predict the generated pseudo-random values.
(CVE-2008-2107, CVE-2008-2108)

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

285881 - CVE-2007-4782 php crash in glob() and fnmatch() functions
382411 - CVE-2007-5898 php htmlentities/htmlspecialchars multibyte sequences
382431 - CVE-2007-5899 php session ID leakage
445006 - CVE-2008-2051 PHP multibyte shell escape flaw
445684 - CVE-2008-2107 PHP 32 bit weak random seed
445685 - CVE-2008-2108 PHP weak 64 bit random seed

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-48.ent.src.rpm

i386:
php-4.3.2-48.ent.i386.rpm
php-debuginfo-4.3.2-48.ent.i386.rpm
php-devel-4.3.2-48.ent.i386.rpm
php-imap-4.3.2-48.ent.i386.rpm
php-ldap-4.3.2-48.ent.i386.rpm
php-mysql-4.3.2-48.ent.i386.rpm
php-odbc-4.3.2-48.ent.i386.rpm
php-pgsql-4.3.2-48.ent.i386.rpm

ia64:
php-4.3.2-48.ent.ia64.rpm
php-debuginfo-4.3.2-48.ent.ia64.rpm
php-devel-4.3.2-48.ent.ia64.rpm
php-imap-4.3.2-48.ent.ia64.rpm
php-ldap-4.3.2-48.ent.ia64.rpm
php-mysql-4.3.2-48.ent.ia64.rpm
php-odbc-4.3.2-48.ent.ia64.rpm
php-pgsql-4.3.2-48.ent.ia64.rpm

ppc:
php-4.3.2-48.ent.ppc.rpm
php-debuginfo-4.3.2-48.ent.ppc.rpm
php-devel-4.3.2-48.ent.ppc.rpm
php-imap-4.3.2-48.ent.ppc.rpm
php-ldap-4.3.2-48.ent.ppc.rpm
php-mysql-4.3.2-48.ent.ppc.rpm
php-odbc-4.3.2-48.ent.ppc.rpm
php-pgsql-4.3.2-48.ent.ppc.rpm

s390:
php-4.3.2-48.ent.s390.rpm
php-debuginfo-4.3.2-48.ent.s390.rpm
php-devel-4.3.2-48.ent.s390.rpm
php-imap-4.3.2-48.ent.s390.rpm
php-ldap-4.3.2-48.ent.s390.rpm
php-mysql-4.3.2-48.ent.s390.rpm
php-odbc-4.3.2-48.ent.s390.rpm
php-pgsql-4.3.2-48.ent.s390.rpm

s390x:
php-4.3.2-48.ent.s390x.rpm
php-debuginfo-4.3.2-48.ent.s390x.rpm
php-devel-4.3.2-48.ent.s390x.rpm
php-imap-4.3.2-48.ent.s390x.rpm
php-ldap-4.3.2-48.ent.s390x.rpm
php-mysql-4.3.2-48.ent.s390x.rpm
php-odbc-4.3.2-48.ent.s390x.rpm
php-pgsql-4.3.2-48.ent.s390x.rpm

x86_64:
php-4.3.2-48.ent.x86_64.rpm
php-debuginfo-4.3.2-48.ent.x86_64.rpm
php-devel-4.3.2-48.ent.x86_64.rpm
php-imap-4.3.2-48.ent.x86_64.rpm
php-ldap-4.3.2-48.ent.x86_64.rpm
php-mysql-4.3.2-48.ent.x86_64.rpm
php-odbc-4.3.2-48.ent.x86_64.rpm
php-pgsql-4.3.2-48.ent.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-48.ent.src.rpm

i386:
php-4.3.2-48.ent.i386.rpm
php-debuginfo-4.3.2-48.ent.i386.rpm
php-devel-4.3.2-48.ent.i386.rpm
php-imap-4.3.2-48.ent.i386.rpm
php-ldap-4.3.2-48.ent.i386.rpm
php-mysql-4.3.2-48.ent.i386.rpm
php-odbc-4.3.2-48.ent.i386.rpm
php-pgsql-4.3.2-48.ent.i386.rpm

x86_64:
php-4.3.2-48.ent.x86_64.rpm
php-debuginfo-4.3.2-48.ent.x86_64.rpm
php-devel-4.3.2-48.ent.x86_64.rpm
php-imap-4.3.2-48.ent.x86_64.rpm
php-ldap-4.3.2-48.ent.x86_64.rpm
php-mysql-4.3.2-48.ent.x86_64.rpm
php-odbc-4.3.2-48.ent.x86_64.rpm
php-pgsql-4.3.2-48.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-48.ent.src.rpm

i386:
php-4.3.2-48.ent.i386.rpm
php-debuginfo-4.3.2-48.ent.i386.rpm
php-devel-4.3.2-48.ent.i386.rpm
php-imap-4.3.2-48.ent.i386.rpm
php-ldap-4.3.2-48.ent.i386.rpm
php-mysql-4.3.2-48.ent.i386.rpm
php-odbc-4.3.2-48.ent.i386.rpm
php-pgsql-4.3.2-48.ent.i386.rpm

ia64:
php-4.3.2-48.ent.ia64.rpm
php-debuginfo-4.3.2-48.ent.ia64.rpm
php-devel-4.3.2-48.ent.ia64.rpm
php-imap-4.3.2-48.ent.ia64.rpm
php-ldap-4.3.2-48.ent.ia64.rpm
php-mysql-4.3.2-48.ent.ia64.rpm
php-odbc-4.3.2-48.ent.ia64.rpm
php-pgsql-4.3.2-48.ent.ia64.rpm

x86_64:
php-4.3.2-48.ent.x86_64.rpm
php-debuginfo-4.3.2-48.ent.x86_64.rpm
php-devel-4.3.2-48.ent.x86_64.rpm
php-imap-4.3.2-48.ent.x86_64.rpm
php-ldap-4.3.2-48.ent.x86_64.rpm
php-mysql-4.3.2-48.ent.x86_64.rpm
php-odbc-4.3.2-48.ent.x86_64.rpm
php-pgsql-4.3.2-48.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-48.ent.src.rpm

i386:
php-4.3.2-48.ent.i386.rpm
php-debuginfo-4.3.2-48.ent.i386.rpm
php-devel-4.3.2-48.ent.i386.rpm
php-imap-4.3.2-48.ent.i386.rpm
php-ldap-4.3.2-48.ent.i386.rpm
php-mysql-4.3.2-48.ent.i386.rpm
php-odbc-4.3.2-48.ent.i386.rpm
php-pgsql-4.3.2-48.ent.i386.rpm

ia64:
php-4.3.2-48.ent.ia64.rpm
php-debuginfo-4.3.2-48.ent.ia64.rpm
php-devel-4.3.2-48.ent.ia64.rpm
php-imap-4.3.2-48.ent.ia64.rpm
php-ldap-4.3.2-48.ent.ia64.rpm
php-mysql-4.3.2-48.ent.ia64.rpm
php-odbc-4.3.2-48.ent.ia64.rpm
php-pgsql-4.3.2-48.ent.ia64.rpm

x86_64:
php-4.3.2-48.ent.x86_64.rpm
php-debuginfo-4.3.2-48.ent.x86_64.rpm
php-devel-4.3.2-48.ent.x86_64.rpm
php-imap-4.3.2-48.ent.x86_64.rpm
php-ldap-4.3.2-48.ent.x86_64.rpm
php-mysql-4.3.2-48.ent.x86_64.rpm
php-odbc-4.3.2-48.ent.x86_64.rpm
php-pgsql-4.3.2-48.ent.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-20.el5_2.1.src.rpm

i386:
php-5.1.6-20.el5_2.1.i386.rpm
php-bcmath-5.1.6-20.el5_2.1.i386.rpm
php-cli-5.1.6-20.el5_2.1.i386.rpm
php-common-5.1.6-20.el5_2.1.i386.rpm
php-dba-5.1.6-20.el5_2.1.i386.rpm
php-debuginfo-5.1.6-20.el5_2.1.i386.rpm
php-devel-5.1.6-20.el5_2.1.i386.rpm
php-gd-5.1.6-20.el5_2.1.i386.rpm
php-imap-5.1.6-20.el5_2.1.i386.rpm
php-ldap-5.1.6-20.el5_2.1.i386.rpm
php-mbstring-5.1.6-20.el5_2.1.i386.rpm
php-mysql-5.1.6-20.el5_2.1.i386.rpm
php-ncurses-5.1.6-20.el5_2.1.i386.rpm
php-odbc-5.1.6-20.el5_2.1.i386.rpm
php-pdo-5.1.6-20.el5_2.1.i386.rpm
php-pgsql-5.1.6-20.el5_2.1.i386.rpm
php-snmp-5.1.6-20.el5_2.1.i386.rpm
php-soap-5.1.6-20.el5_2.1.i386.rpm
php-xml-5.1.6-20.el5_2.1.i386.rpm
php-xmlrpc-5.1.6-20.el5_2.1.i386.rpm

x86_64:
php-5.1.6-20.el5_2.1.x86_64.rpm
php-bcmath-5.1.6-20.el5_2.1.x86_64.rpm
php-cli-5.1.6-20.el5_2.1.x86_64.rpm
php-common-5.1.6-20.el5_2.1.x86_64.rpm
php-dba-5.1.6-20.el5_2.1.x86_64.rpm
php-debuginfo-5.1.6-20.el5_2.1.x86_64.rpm
php-devel-5.1.6-20.el5_2.1.x86_64.rpm
php-gd-5.1.6-20.el5_2.1.x86_64.rpm
php-imap-5.1.6-20.el5_2.1.x86_64.rpm
php-ldap-5.1.6-20.el5_2.1.x86_64.rpm
php-mbstring-5.1.6-20.el5_2.1.x86_64.rpm
php-mysql-5.1.6-20.el5_2.1.x86_64.rpm
php-ncurses-5.1.6-20.el5_2.1.x86_64.rpm
php-odbc-5.1.6-20.el5_2.1.x86_64.rpm
php-pdo-5.1.6-20.el5_2.1.x86_64.rpm
php-pgsql-5.1.6-20.el5_2.1.x86_64.rpm
php-snmp-5.1.6-20.el5_2.1.x86_64.rpm
php-soap-5.1.6-20.el5_2.1.x86_64.rpm
php-xml-5.1.6-20.el5_2.1.x86_64.rpm
php-xmlrpc-5.1.6-20.el5_2.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-20.el5_2.1.src.rpm

i386:
php-5.1.6-20.el5_2.1.i386.rpm
php-bcmath-5.1.6-20.el5_2.1.i386.rpm
php-cli-5.1.6-20.el5_2.1.i386.rpm
php-common-5.1.6-20.el5_2.1.i386.rpm
php-dba-5.1.6-20.el5_2.1.i386.rpm
php-debuginfo-5.1.6-20.el5_2.1.i386.rpm
php-devel-5.1.6-20.el5_2.1.i386.rpm
php-gd-5.1.6-20.el5_2.1.i386.rpm
php-imap-5.1.6-20.el5_2.1.i386.rpm
php-ldap-5.1.6-20.el5_2.1.i386.rpm
php-mbstring-5.1.6-20.el5_2.1.i386.rpm
php-mysql-5.1.6-20.el5_2.1.i386.rpm
php-ncurses-5.1.6-20.el5_2.1.i386.rpm
php-odbc-5.1.6-20.el5_2.1.i386.rpm
php-pdo-5.1.6-20.el5_2.1.i386.rpm
php-pgsql-5.1.6-20.el5_2.1.i386.rpm
php-snmp-5.1.6-20.el5_2.1.i386.rpm
php-soap-5.1.6-20.el5_2.1.i386.rpm
php-xml-5.1.6-20.el5_2.1.i386.rpm
php-xmlrpc-5.1.6-20.el5_2.1.i386.rpm

ia64:
php-5.1.6-20.el5_2.1.ia64.rpm
php-bcmath-5.1.6-20.el5_2.1.ia64.rpm
php-cli-5.1.6-20.el5_2.1.ia64.rpm
php-common-5.1.6-20.el5_2.1.ia64.rpm
php-dba-5.1.6-20.el5_2.1.ia64.rpm
php-debuginfo-5.1.6-20.el5_2.1.ia64.rpm
php-devel-5.1.6-20.el5_2.1.ia64.rpm
php-gd-5.1.6-20.el5_2.1.ia64.rpm
php-imap-5.1.6-20.el5_2.1.ia64.rpm
php-ldap-5.1.6-20.el5_2.1.ia64.rpm
php-mbstring-5.1.6-20.el5_2.1.ia64.rpm
php-mysql-5.1.6-20.el5_2.1.ia64.rpm
php-ncurses-5.1.6-20.el5_2.1.ia64.rpm
php-odbc-5.1.6-20.el5_2.1.ia64.rpm
php-pdo-5.1.6-20.el5_2.1.ia64.rpm
php-pgsql-5.1.6-20.el5_2.1.ia64.rpm
php-snmp-5.1.6-20.el5_2.1.ia64.rpm
php-soap-5.1.6-20.el5_2.1.ia64.rpm
php-xml-5.1.6-20.el5_2.1.ia64.rpm
php-xmlrpc-5.1.6-20.el5_2.1.ia64.rpm

ppc:
php-5.1.6-20.el5_2.1.ppc.rpm
php-bcmath-5.1.6-20.el5_2.1.ppc.rpm
php-cli-5.1.6-20.el5_2.1.ppc.rpm
php-common-5.1.6-20.el5_2.1.ppc.rpm
php-dba-5.1.6-20.el5_2.1.ppc.rpm
php-debuginfo-5.1.6-20.el5_2.1.ppc.rpm
php-devel-5.1.6-20.el5_2.1.ppc.rpm
php-gd-5.1.6-20.el5_2.1.ppc.rpm
php-imap-5.1.6-20.el5_2.1.ppc.rpm
php-ldap-5.1.6-20.el5_2.1.ppc.rpm
php-mbstring-5.1.6-20.el5_2.1.ppc.rpm
php-mysql-5.1.6-20.el5_2.1.ppc.rpm
php-ncurses-5.1.6-20.el5_2.1.ppc.rpm
php-odbc-5.1.6-20.el5_2.1.ppc.rpm
php-pdo-5.1.6-20.el5_2.1.ppc.rpm
php-pgsql-5.1.6-20.el5_2.1.ppc.rpm
php-snmp-5.1.6-20.el5_2.1.ppc.rpm
php-soap-5.1.6-20.el5_2.1.ppc.rpm
php-xml-5.1.6-20.el5_2.1.ppc.rpm
php-xmlrpc-5.1.6-20.el5_2.1.ppc.rpm

s390x:
php-5.1.6-20.el5_2.1.s390x.rpm
php-bcmath-5.1.6-20.el5_2.1.s390x.rpm
php-cli-5.1.6-20.el5_2.1.s390x.rpm
php-common-5.1.6-20.el5_2.1.s390x.rpm
php-dba-5.1.6-20.el5_2.1.s390x.rpm
php-debuginfo-5.1.6-20.el5_2.1.s390x.rpm
php-devel-5.1.6-20.el5_2.1.s390x.rpm
php-gd-5.1.6-20.el5_2.1.s390x.rpm
php-imap-5.1.6-20.el5_2.1.s390x.rpm
php-ldap-5.1.6-20.el5_2.1.s390x.rpm
php-mbstring-5.1.6-20.el5_2.1.s390x.rpm
php-mysql-5.1.6-20.el5_2.1.s390x.rpm
php-ncurses-5.1.6-20.el5_2.1.s390x.rpm
php-odbc-5.1.6-20.el5_2.1.s390x.rpm
php-pdo-5.1.6-20.el5_2.1.s390x.rpm
php-pgsql-5.1.6-20.el5_2.1.s390x.rpm
php-snmp-5.1.6-20.el5_2.1.s390x.rpm
php-soap-5.1.6-20.el5_2.1.s390x.rpm
php-xml-5.1.6-20.el5_2.1.s390x.rpm
php-xmlrpc-5.1.6-20.el5_2.1.s390x.rpm

x86_64:
php-5.1.6-20.el5_2.1.x86_64.rpm
php-bcmath-5.1.6-20.el5_2.1.x86_64.rpm
php-cli-5.1.6-20.el5_2.1.x86_64.rpm
php-common-5.1.6-20.el5_2.1.x86_64.rpm
php-dba-5.1.6-20.el5_2.1.x86_64.rpm
php-debuginfo-5.1.6-20.el5_2.1.x86_64.rpm
php-devel-5.1.6-20.el5_2.1.x86_64.rpm
php-gd-5.1.6-20.el5_2.1.x86_64.rpm
php-imap-5.1.6-20.el5_2.1.x86_64.rpm
php-ldap-5.1.6-20.el5_2.1.x86_64.rpm
php-mbstring-5.1.6-20.el5_2.1.x86_64.rpm
php-mysql-5.1.6-20.el5_2.1.x86_64.rpm
php-ncurses-5.1.6-20.el5_2.1.x86_64.rpm
php-odbc-5.1.6-20.el5_2.1.x86_64.rpm
php-pdo-5.1.6-20.el5_2.1.x86_64.rpm
php-pgsql-5.1.6-20.el5_2.1.x86_64.rpm
php-snmp-5.1.6-20.el5_2.1.x86_64.rpm
php-soap-5.1.6-20.el5_2.1.x86_64.rpm
php-xml-5.1.6-20.el5_2.1.x86_64.rpm
php-xmlrpc-5.1.6-20.el5_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIfcOCXlSAg2UNWIIRAuzMAJ9z4Ak83eymPWItkPlzI8 wD9RYH1wCfRkK0
dL3jd6gst/KwpA2UI5VjESs=
=BFXE
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
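
An added example, not part of the advisory or of any Red Hat tooling: checking whether installed PHP packages are older than the fixed builds named in the package list above, using RPM's segment-wise version comparison. The installed list is constructed, the input is assumed to be NAME-VERSION-RELEASE strings (for instance from rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'), and epochs are assumed equal; tilde and caret ordering are not handled.

```python
import re

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two RPM version or release strings: -1 older, 0 equal, 1 newer."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def split_nvr(nvr):
    """'php-mysql-5.1.6-20.el5_2.1' -> ('php-mysql', '5.1.6', '20.el5_2.1')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def fixed_builds(advisory_files):
    """Map package name -> (version, release) from the advisory's RPM file names."""
    fixed = {}
    for filename in advisory_files:
        if not filename.endswith(".rpm") or filename.endswith(".src.rpm"):
            continue
        nvr = filename[:-len(".rpm")].rsplit(".", 1)[0]  # drop ".rpm", then ".<arch>"
        name, version, release = split_nvr(nvr)
        fixed[name] = (version, release)
    return fixed


def outdated(installed_nvrs, fixed):
    """Return (installed, fixed) NVR pairs for packages older than the advisory build."""
    findings = []
    for nvr in installed_nvrs:
        name, version, release = split_nvr(nvr)
        if name not in fixed:
            continue  # package is not covered by this advisory
        fixed_version, fixed_release = fixed[name]
        # Version decides first; the release only matters when versions are equal.
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        if order < 0:
            findings.append((nvr, f"{name}-{fixed_version}-{fixed_release}"))
    return findings


# File names copied from the RHEL 5 section of the package list above.
ADVISORY_FILES = [
    "php-5.1.6-20.el5_2.1.i386.rpm",
    "php-cli-5.1.6-20.el5_2.1.i386.rpm",
    "php-common-5.1.6-20.el5_2.1.i386.rpm",
    "php-mysql-5.1.6-20.el5_2.1.i386.rpm",
]

# Constructed sample of what a host might report; not real inventory data.
INSTALLED = [
    "php-5.1.6-20.el5",          # same version, older release
    "php-cli-5.1.6-20.el5_2.1",  # exactly the fixed build
    "php-common-5.1.6-15.el5",   # older release
    "php-mysql-5.1.6-23.el5",    # newer than the fixed build
    "httpd-2.2.3-11.el5",        # not covered by this advisory
]

if __name__ == "__main__":
    for have, need in outdated(INSTALLED, fixed_builds(ADVISORY_FILES)):
        print(f"{have} is older than {need}")
```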
 
07-16-2008, 09:59 AM

Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2008:0546-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0546.html
Issue date: 2008-07-16
CVE Names: CVE-2008-2051 CVE-2007-5898 CVE-2007-5899
           CVE-2006-7228 CVE-2007-1660 CVE-2008-2107
           CVE-2008-2108
=====================================================================

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

It was discovered that the PHP escapeshellcmd() function did not properly
escape multi-byte characters which are not valid in the locale used by the
script. This could allow an attacker to bypass quoting restrictions imposed
by escapeshellcmd() and execute arbitrary commands if the PHP script was
using certain locales. Scripts using the default UTF-8 locale are not
affected by this issue. (CVE-2008-2051)

The PHP functions htmlentities() and htmlspecialchars() did not properly
recognize partial multi-byte sequences. Certain sequences of bytes could be
passed through these functions without being correctly HTML-escaped.
Depending on the browser being used, an attacker could use this flaw to
conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or
which used the output_add_rewrite_var() function, could leak session
identifiers to external web sites. If a page included an HTML form with an
ACTION attribute referencing a non-local URL, the user's session ID would
be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that PHP did not properly seed its pseudo-random number
generator used by functions such as rand() and mt_rand(), possibly allowing
an attacker to easily predict the generated pseudo-random values.
(CVE-2008-2107, CVE-2008-2108)

Integer overflow and memory requirements miscalculation issues were
discovered in the Perl-Compatible Regular Expression (PCRE) library used by
PHP to process regular expressions. These issues could cause a crash, or
possibly execute arbitrary code with the privileges of the PHP script
that processes regular expressions from untrusted sources. Note: PHP
packages shipped with Red Hat Enterprise Linux 2.1 did not use the
system-level PCRE library. By default they used an embedded copy of the
library included with the PHP package. (CVE-2006-7228, CVE-2007-1660)

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

315881 - CVE-2007-1660 pcre regular expression flaws
382411 - CVE-2007-5898 php htmlentities/htmlspecialchars multibyte sequences
382431 - CVE-2007-5899 php session ID leakage
383371 - CVE-2006-7228 pcre integer overflow
445006 - CVE-2008-2051 PHP multibyte shell escape flaw
445684 - CVE-2008-2107 PHP 32 bit weak random seed
445685 - CVE-2008-2108 PHP weak 64 bit random seed

6. Package List:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

Source:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.20.src.rpm

i386:
php-4.1.2-2.20.i386.rpm
php-devel-4.1.2-2.20.i386.rpm
php-imap-4.1.2-2.20.i386.rpm
php-ldap-4.1.2-2.20.i386.rpm
php-manual-4.1.2-2.20.i386.rpm
php-mysql-4.1.2-2.20.i386.rpm
php-odbc-4.1.2-2.20.i386.rpm
php-pgsql-4.1.2-2.20.i386.rpm

ia64:
php-4.1.2-2.20.ia64.rpm
php-devel-4.1.2-2.20.ia64.rpm
php-imap-4.1.2-2.20.ia64.rpm
php-ldap-4.1.2-2.20.ia64.rpm
php-manual-4.1.2-2.20.ia64.rpm
php-mysql-4.1.2-2.20.ia64.rpm
php-odbc-4.1.2-2.20.ia64.rpm
php-pgsql-4.1.2-2.20.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/php-4.1.2-2.20.src.rpm

ia64:
php-4.1.2-2.20.ia64.rpm
php-devel-4.1.2-2.20.ia64.rpm
php-imap-4.1.2-2.20.ia64.rpm
php-ldap-4.1.2-2.20.ia64.rpm
php-manual-4.1.2-2.20.ia64.rpm
php-mysql-4.1.2-2.20.ia64.rpm
php-odbc-4.1.2-2.20.ia64.rpm
php-pgsql-4.1.2-2.20.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.20.src.rpm

i386:
php-4.1.2-2.20.i386.rpm
php-devel-4.1.2-2.20.i386.rpm
php-imap-4.1.2-2.20.i386.rpm
php-ldap-4.1.2-2.20.i386.rpm
php-manual-4.1.2-2.20.i386.rpm
php-mysql-4.1.2-2.20.i386.rpm
php-odbc-4.1.2-2.20.i386.rpm
php-pgsql-4.1.2-2.20.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

Source:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.20.src.rpm

i386:
php-4.1.2-2.20.i386.rpm
php-devel-4.1.2-2.20.i386.rpm
php-imap-4.1.2-2.20.i386.rpm
php-ldap-4.1.2-2.20.i386.rpm
php-manual-4.1.2-2.20.i386.rpm
php-mysql-4.1.2-2.20.i386.rpm
php-odbc-4.1.2-2.20.i386.rpm
php-pgsql-4.1.2-2.20.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIfcZ8XlSAg2UNWIIRApNUAJ4zkxoEST7BV0cROBSgYR sSWL5WIACdHcEX
RglnYO1z72hpkPRvdnwTp8Q=
=bKAh
-----END PGP SIGNATURE-----
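
An added example, not part of the advisory: auditing rendered pages for the condition described under CVE-2007-5899, a form whose ACTION points at a non-local host, and whether that form carries a hidden session ID field. The sample page and host names are constructed; PHPSESSID is PHP's default session name and is assumed unchanged.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _FormAuditor(HTMLParser):
    """Collects forms that post to a host outside the site's own host set."""

    def __init__(self, local_hosts, session_name):
        super().__init__()
        self.local_hosts = {h.lower() for h in local_hosts}
        self.session_name = session_name
        self.findings = []
        self._current = None  # finding for the external form we are inside, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        if tag == "form":
            action = (attrs.get("action") or "").strip()
            try:
                host = urlsplit(action).hostname  # None for relative URLs
            except ValueError:
                host = None  # unparseable action: not classified here
            self._current = None
            if host and host not in self.local_hosts:
                self._current = {
                    "action": action,
                    "line": self.getpos()[0],
                    "carries_session_id": False,
                }
                self.findings.append(self._current)
        elif tag == "input" and self._current is not None:
            # A hidden field named after the session is how the transparent
            # session ID option passes the identifier along with form data.
            if attrs.get("name") == self.session_name:
                self._current["carries_session_id"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(html, local_hosts, session_name="PHPSESSID"):
    """Return one finding per form whose action targets a non-local host."""
    auditor = _FormAuditor(local_hosts, session_name)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample of rendered output; hosts and the session value are made up.
SAMPLE_PAGE = """\
<html><body>
<form method="post" action="/account/update.php">
<input type="hidden" name="PHPSESSID" value="constructed0000sessionid" />
</form>
<FORM METHOD="post" ACTION="https://payments.example.net/checkout">
<input type="hidden" name="PHPSESSID" value="constructed0000sessionid" />
<input type="text" name="amount">
</FORM>
<form action="//search.example.org/q"><input name="q"></form>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_forms(SAMPLE_PAGE, {"www.example.com"}):
        status = "session ID present" if finding["carries_session_id"] else "no session ID"
        print(f"line {finding['line']}: {finding['action']} ({status})")
```

A finding with the session field present means the identifier is being sent to the external host; a finding without it marks a form worth re-checking on any host that has not yet received the update.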


 
07-22-2008, 12:31 PM

Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2008:0582-01
Product: Red Hat Application Stack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0582.html
Issue date: 2008-07-22
CVE Names: CVE-2008-2051 CVE-2007-5898 CVE-2007-5899
           CVE-2007-4782 CVE-2008-2107 CVE-2008-2108
=====================================================================

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Application Stack v1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

It was discovered that the PHP escapeshellcmd() function did not properly
escape multi-byte characters which are not valid in the locale used by the
script. This could allow an attacker to bypass quoting restrictions imposed
by escapeshellcmd() and execute arbitrary commands if the PHP script was
using certain locales. Scripts using the default UTF-8 locale are not
affected by this issue. (CVE-2008-2051)

The PHP functions htmlentities() and htmlspecialchars() did not properly
recognize partial multi-byte sequences. Certain sequences of bytes could be
passed through these functions without being correctly HTML-escaped.
Depending on the browser being used, an attacker could use this flaw to
conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or
which used the output_add_rewrite_var() function, could leak session
identifiers to external web sites. If a page included an HTML form with an
ACTION attribute referencing a non-local URL, the user's session ID would
be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that the PHP fnmatch() function did not restrict the length
of the string argument. An attacker could use this flaw to crash the PHP
interpreter where a script used fnmatch() on untrusted input data.
(CVE-2007-4782)

It was discovered that PHP did not properly seed its pseudo-random number
generator used by functions such as rand() and mt_rand(), possibly allowing
an attacker to easily predict the generated pseudo-random values.
(CVE-2008-2107, CVE-2008-2108)

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

285881 - CVE-2007-4782 php crash in glob() and fnmatch() functions
382411 - CVE-2007-5898 php htmlentities/htmlspecialchars multibyte sequences
382431 - CVE-2007-5899 php session ID leakage
445006 - CVE-2008-2051 PHP multibyte shell escape flaw
445684 - CVE-2008-2107 PHP 32 bit weak random seed
445685 - CVE-2008-2108 PHP weak 64 bit random seed

6. Package List:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

Source:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.10.src.rpm

i386:
php-5.1.6-3.el4s1.10.i386.rpm
php-bcmath-5.1.6-3.el4s1.10.i386.rpm
php-cli-5.1.6-3.el4s1.10.i386.rpm
php-common-5.1.6-3.el4s1.10.i386.rpm
php-dba-5.1.6-3.el4s1.10.i386.rpm
php-debuginfo-5.1.6-3.el4s1.10.i386.rpm
php-devel-5.1.6-3.el4s1.10.i386.rpm
php-gd-5.1.6-3.el4s1.10.i386.rpm
php-imap-5.1.6-3.el4s1.10.i386.rpm
php-ldap-5.1.6-3.el4s1.10.i386.rpm
php-mbstring-5.1.6-3.el4s1.10.i386.rpm
php-mysql-5.1.6-3.el4s1.10.i386.rpm
php-ncurses-5.1.6-3.el4s1.10.i386.rpm
php-odbc-5.1.6-3.el4s1.10.i386.rpm
php-pdo-5.1.6-3.el4s1.10.i386.rpm
php-pgsql-5.1.6-3.el4s1.10.i386.rpm
php-snmp-5.1.6-3.el4s1.10.i386.rpm
php-soap-5.1.6-3.el4s1.10.i386.rpm
php-xml-5.1.6-3.el4s1.10.i386.rpm
php-xmlrpc-5.1.6-3.el4s1.10.i386.rpm

x86_64:
php-5.1.6-3.el4s1.10.x86_64.rpm
php-bcmath-5.1.6-3.el4s1.10.x86_64.rpm
php-cli-5.1.6-3.el4s1.10.x86_64.rpm
php-common-5.1.6-3.el4s1.10.x86_64.rpm
php-dba-5.1.6-3.el4s1.10.x86_64.rpm
php-debuginfo-5.1.6-3.el4s1.10.x86_64.rpm
php-devel-5.1.6-3.el4s1.10.x86_64.rpm
php-gd-5.1.6-3.el4s1.10.x86_64.rpm
php-imap-5.1.6-3.el4s1.10.x86_64.rpm
php-ldap-5.1.6-3.el4s1.10.x86_64.rpm
php-mbstring-5.1.6-3.el4s1.10.x86_64.rpm
php-mysql-5.1.6-3.el4s1.10.x86_64.rpm
php-ncurses-5.1.6-3.el4s1.10.x86_64.rpm
php-odbc-5.1.6-3.el4s1.10.x86_64.rpm
php-pdo-5.1.6-3.el4s1.10.x86_64.rpm
php-pgsql-5.1.6-3.el4s1.10.x86_64.rpm
php-snmp-5.1.6-3.el4s1.10.x86_64.rpm
php-soap-5.1.6-3.el4s1.10.x86_64.rpm
php-xml-5.1.6-3.el4s1.10.x86_64.rpm
php-xmlrpc-5.1.6-3.el4s1.10.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

Source:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.10.src.rpm

i386:
php-5.1.6-3.el4s1.10.i386.rpm
php-bcmath-5.1.6-3.el4s1.10.i386.rpm
php-cli-5.1.6-3.el4s1.10.i386.rpm
php-common-5.1.6-3.el4s1.10.i386.rpm
php-dba-5.1.6-3.el4s1.10.i386.rpm
php-debuginfo-5.1.6-3.el4s1.10.i386.rpm
php-devel-5.1.6-3.el4s1.10.i386.rpm
php-gd-5.1.6-3.el4s1.10.i386.rpm
php-imap-5.1.6-3.el4s1.10.i386.rpm
php-ldap-5.1.6-3.el4s1.10.i386.rpm
php-mbstring-5.1.6-3.el4s1.10.i386.rpm
php-mysql-5.1.6-3.el4s1.10.i386.rpm
php-ncurses-5.1.6-3.el4s1.10.i386.rpm
php-odbc-5.1.6-3.el4s1.10.i386.rpm
php-pdo-5.1.6-3.el4s1.10.i386.rpm
php-pgsql-5.1.6-3.el4s1.10.i386.rpm
php-snmp-5.1.6-3.el4s1.10.i386.rpm
php-soap-5.1.6-3.el4s1.10.i386.rpm
php-xml-5.1.6-3.el4s1.10.i386.rpm
php-xmlrpc-5.1.6-3.el4s1.10.i386.rpm

x86_64:
php-5.1.6-3.el4s1.10.x86_64.rpm
php-bcmath-5.1.6-3.el4s1.10.x86_64.rpm
php-cli-5.1.6-3.el4s1.10.x86_64.rpm
php-common-5.1.6-3.el4s1.10.x86_64.rpm
php-dba-5.1.6-3.el4s1.10.x86_64.rpm
php-debuginfo-5.1.6-3.el4s1.10.x86_64.rpm
php-devel-5.1.6-3.el4s1.10.x86_64.rpm
php-gd-5.1.6-3.el4s1.10.x86_64.rpm
php-imap-5.1.6-3.el4s1.10.x86_64.rpm
php-ldap-5.1.6-3.el4s1.10.x86_64.rpm
php-mbstring-5.1.6-3.el4s1.10.x86_64.rpm
php-mysql-5.1.6-3.el4s1.10.x86_64.rpm
php-ncurses-5.1.6-3.el4s1.10.x86_64.rpm
php-odbc-5.1.6-3.el4s1.10.x86_64.rpm
php-pdo-5.1.6-3.el4s1.10.x86_64.rpm
php-pgsql-5.1.6-3.el4s1.10.x86_64.rpm
php-snmp-5.1.6-3.el4s1.10.x86_64.rpm
php-soap-5.1.6-3.el4s1.10.x86_64.rpm
php-xml-5.1.6-3.el4s1.10.x86_64.rpm
php-xmlrpc-5.1.6-3.el4s1.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIhdMrXlSAg2UNWIIRAv6eAKCb/Uo5NdU/wGCV7t1uxOgPzWZVMgCfXQZC
qV8KMB7Oc0svuN3gB/rcFQw=
=htz1
-----END PGP SIGNATURE-----


 
01-13-2010, 05:15 PM

Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2010:0040-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0040.html
Issue date: 2010-01-13
CVE Names: CVE-2009-2687 CVE-2009-3291 CVE-2009-3292
           CVE-2009-3546 CVE-2009-4017 CVE-2009-4142
=====================================================================

1. Summary:

Updated php packages that fix several security issues are now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

Multiple missing input sanitization flaws were discovered in PHP's exif
extension. A specially-crafted image file could cause the PHP interpreter
to crash or, possibly, disclose portions of its memory when a PHP script
tried to extract Exchangeable image file format (Exif) metadata from the
image file. (CVE-2009-2687, CVE-2009-3292)

A missing input sanitization flaw, leading to a buffer overflow, was
discovered in PHP's gd library. A specially-crafted GD image file could
cause the PHP interpreter to crash or, possibly, execute arbitrary code
when opened. (CVE-2009-3546)

It was discovered that PHP did not limit the maximum number of files that
can be uploaded in one request. A remote attacker could use this flaw to
instigate a denial of service by causing the PHP interpreter to use lots of
system resources dealing with requests containing large amounts of files to
be uploaded. This vulnerability depends on file uploads being enabled
(which they are, in the default PHP configuration). (CVE-2009-4017)

Note: This update introduces a new configuration option, max_file_uploads,
used for limiting the number of files that can be uploaded in one request.
By default, the limit is 20 files per request.

It was discovered that PHP was affected by the previously published "null
prefix attack", caused by incorrect handling of NUL characters in X.509
certificates. If an attacker is able to get a carefully-crafted certificate
signed by a trusted Certificate Authority, the attacker could use the
certificate during a man-in-the-middle attack and potentially confuse PHP
into accepting it by mistake. (CVE-2009-3291)

It was discovered that PHP's htmlspecialchars() function did not properly
recognize partial multi-byte sequences for some multi-byte encodings,
sending them to output without them being escaped. An attacker could use
this flaw to perform a cross-site scripting attack. (CVE-2009-4142)

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

506896 - CVE-2009-2687 php: exif_read_data crash on corrupted JPEG files
524222 - CVE-2009-3292 php: exif extension: Multiple missing sanity checks in EXIF file processing
524228 - CVE-2009-3291 php: openssl extension: Incorrect verification of SSL certificate with NUL in name
529213 - CVE-2009-3546 gd: insufficient input validation in _gdGetColors()
540459 - CVE-2009-4017 PHP: resource exhaustion attack via upload requests with lots of files
548516 - CVE-2009-4142 php: htmlspecialchars() insufficient checking of input for multi-byte encodings

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-54.ent.src.rpm

i386:
php-4.3.2-54.ent.i386.rpm
php-debuginfo-4.3.2-54.ent.i386.rpm
php-devel-4.3.2-54.ent.i386.rpm
php-imap-4.3.2-54.ent.i386.rpm
php-ldap-4.3.2-54.ent.i386.rpm
php-mysql-4.3.2-54.ent.i386.rpm
php-odbc-4.3.2-54.ent.i386.rpm
php-pgsql-4.3.2-54.ent.i386.rpm

ia64:
php-4.3.2-54.ent.ia64.rpm
php-debuginfo-4.3.2-54.ent.ia64.rpm
php-devel-4.3.2-54.ent.ia64.rpm
php-imap-4.3.2-54.ent.ia64.rpm
php-ldap-4.3.2-54.ent.ia64.rpm
php-mysql-4.3.2-54.ent.ia64.rpm
php-odbc-4.3.2-54.ent.ia64.rpm
php-pgsql-4.3.2-54.ent.ia64.rpm

ppc:
php-4.3.2-54.ent.ppc.rpm
php-debuginfo-4.3.2-54.ent.ppc.rpm
php-devel-4.3.2-54.ent.ppc.rpm
php-imap-4.3.2-54.ent.ppc.rpm
php-ldap-4.3.2-54.ent.ppc.rpm
php-mysql-4.3.2-54.ent.ppc.rpm
php-odbc-4.3.2-54.ent.ppc.rpm
php-pgsql-4.3.2-54.ent.ppc.rpm

s390:
php-4.3.2-54.ent.s390.rpm
php-debuginfo-4.3.2-54.ent.s390.rpm
php-devel-4.3.2-54.ent.s390.rpm
php-imap-4.3.2-54.ent.s390.rpm
php-ldap-4.3.2-54.ent.s390.rpm
php-mysql-4.3.2-54.ent.s390.rpm
php-odbc-4.3.2-54.ent.s390.rpm
php-pgsql-4.3.2-54.ent.s390.rpm

s390x:
php-4.3.2-54.ent.s390x.rpm
php-debuginfo-4.3.2-54.ent.s390x.rpm
php-devel-4.3.2-54.ent.s390x.rpm
php-imap-4.3.2-54.ent.s390x.rpm
php-ldap-4.3.2-54.ent.s390x.rpm
php-mysql-4.3.2-54.ent.s390x.rpm
php-odbc-4.3.2-54.ent.s390x.rpm
php-pgsql-4.3.2-54.ent.s390x.rpm

x86_64:
php-4.3.2-54.ent.x86_64.rpm
php-debuginfo-4.3.2-54.ent.x86_64.rpm
php-devel-4.3.2-54.ent.x86_64.rpm
php-imap-4.3.2-54.ent.x86_64.rpm
php-ldap-4.3.2-54.ent.x86_64.rpm
php-mysql-4.3.2-54.ent.x86_64.rpm
php-odbc-4.3.2-54.ent.x86_64.rpm
php-pgsql-4.3.2-54.ent.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-54.ent.src.rpm

i386:
php-4.3.2-54.ent.i386.rpm
php-debuginfo-4.3.2-54.ent.i386.rpm
php-devel-4.3.2-54.ent.i386.rpm
php-imap-4.3.2-54.ent.i386.rpm
php-ldap-4.3.2-54.ent.i386.rpm
php-mysql-4.3.2-54.ent.i386.rpm
php-odbc-4.3.2-54.ent.i386.rpm
php-pgsql-4.3.2-54.ent.i386.rpm

x86_64:
php-4.3.2-54.ent.x86_64.rpm
php-debuginfo-4.3.2-54.ent.x86_64.rpm
php-devel-4.3.2-54.ent.x86_64.rpm
php-imap-4.3.2-54.ent.x86_64.rpm
php-ldap-4.3.2-54.ent.x86_64.rpm
php-mysql-4.3.2-54.ent.x86_64.rpm
php-odbc-4.3.2-54.ent.x86_64.rpm
php-pgsql-4.3.2-54.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-54.ent.src.rpm

i386:
php-4.3.2-54.ent.i386.rpm
php-debuginfo-4.3.2-54.ent.i386.rpm
php-devel-4.3.2-54.ent.i386.rpm
php-imap-4.3.2-54.ent.i386.rpm
php-ldap-4.3.2-54.ent.i386.rpm
php-mysql-4.3.2-54.ent.i386.rpm
php-odbc-4.3.2-54.ent.i386.rpm
php-pgsql-4.3.2-54.ent.i386.rpm

ia64:
php-4.3.2-54.ent.ia64.rpm
php-debuginfo-4.3.2-54.ent.ia64.rpm
php-devel-4.3.2-54.ent.ia64.rpm
php-imap-4.3.2-54.ent.ia64.rpm
php-ldap-4.3.2-54.ent.ia64.rpm
php-mysql-4.3.2-54.ent.ia64.rpm
php-odbc-4.3.2-54.ent.ia64.rpm
php-pgsql-4.3.2-54.ent.ia64.rpm

x86_64:
php-4.3.2-54.ent.x86_64.rpm
php-debuginfo-4.3.2-54.ent.x86_64.rpm
php-devel-4.3.2-54.ent.x86_64.rpm
php-imap-4.3.2-54.ent.x86_64.rpm
php-ldap-4.3.2-54.ent.x86_64.rpm
php-mysql-4.3.2-54.ent.x86_64.rpm
php-odbc-4.3.2-54.ent.x86_64.rpm
php-pgsql-4.3.2-54.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-54.ent.src.rpm

i386:
php-4.3.2-54.ent.i386.rpm
php-debuginfo-4.3.2-54.ent.i386.rpm
php-devel-4.3.2-54.ent.i386.rpm
php-imap-4.3.2-54.ent.i386.rpm
php-ldap-4.3.2-54.ent.i386.rpm
php-mysql-4.3.2-54.ent.i386.rpm
php-odbc-4.3.2-54.ent.i386.rpm
php-pgsql-4.3.2-54.ent.i386.rpm

ia64:
php-4.3.2-54.ent.ia64.rpm
php-debuginfo-4.3.2-54.ent.ia64.rpm
php-devel-4.3.2-54.ent.ia64.rpm
php-imap-4.3.2-54.ent.ia64.rpm
php-ldap-4.3.2-54.ent.ia64.rpm
php-mysql-4.3.2-54.ent.ia64.rpm
php-odbc-4.3.2-54.ent.ia64.rpm
php-pgsql-4.3.2-54.ent.ia64.rpm

x86_64:
php-4.3.2-54.ent.x86_64.rpm
php-debuginfo-4.3.2-54.ent.x86_64.rpm
php-devel-4.3.2-54.ent.x86_64.rpm
php-imap-4.3.2-54.ent.x86_64.rpm
php-ldap-4.3.2-54.ent.x86_64.rpm
php-mysql-4.3.2-54.ent.x86_64.rpm
php-odbc-4.3.2-54.ent.x86_64.rpm
php-pgsql-4.3.2-54.ent.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.29.src.rpm

i386:
php-4.3.9-3.29.i386.rpm
php-debuginfo-4.3.9-3.29.i386.rpm
php-devel-4.3.9-3.29.i386.rpm
php-domxml-4.3.9-3.29.i386.rpm
php-gd-4.3.9-3.29.i386.rpm
php-imap-4.3.9-3.29.i386.rpm
php-ldap-4.3.9-3.29.i386.rpm
php-mbstring-4.3.9-3.29.i386.rpm
php-mysql-4.3.9-3.29.i386.rpm
php-ncurses-4.3.9-3.29.i386.rpm
php-odbc-4.3.9-3.29.i386.rpm
php-pear-4.3.9-3.29.i386.rpm
php-pgsql-4.3.9-3.29.i386.rpm
php-snmp-4.3.9-3.29.i386.rpm
php-xmlrpc-4.3.9-3.29.i386.rpm

ia64:
php-4.3.9-3.29.ia64.rpm
php-debuginfo-4.3.9-3.29.ia64.rpm
php-devel-4.3.9-3.29.ia64.rpm
php-domxml-4.3.9-3.29.ia64.rpm
php-gd-4.3.9-3.29.ia64.rpm
php-imap-4.3.9-3.29.ia64.rpm
php-ldap-4.3.9-3.29.ia64.rpm
php-mbstring-4.3.9-3.29.ia64.rpm
php-mysql-4.3.9-3.29.ia64.rpm
php-ncurses-4.3.9-3.29.ia64.rpm
php-odbc-4.3.9-3.29.ia64.rpm
php-pear-4.3.9-3.29.ia64.rpm
php-pgsql-4.3.9-3.29.ia64.rpm
php-snmp-4.3.9-3.29.ia64.rpm
php-xmlrpc-4.3.9-3.29.ia64.rpm

ppc:
php-4.3.9-3.29.ppc.rpm
php-debuginfo-4.3.9-3.29.ppc.rpm
php-devel-4.3.9-3.29.ppc.rpm
php-domxml-4.3.9-3.29.ppc.rpm
php-gd-4.3.9-3.29.ppc.rpm
php-imap-4.3.9-3.29.ppc.rpm
php-ldap-4.3.9-3.29.ppc.rpm
php-mbstring-4.3.9-3.29.ppc.rpm
php-mysql-4.3.9-3.29.ppc.rpm
php-ncurses-4.3.9-3.29.ppc.rpm
php-odbc-4.3.9-3.29.ppc.rpm
php-pear-4.3.9-3.29.ppc.rpm
php-pgsql-4.3.9-3.29.ppc.rpm
php-snmp-4.3.9-3.29.ppc.rpm
php-xmlrpc-4.3.9-3.29.ppc.rpm

s390:
php-4.3.9-3.29.s390.rpm
php-debuginfo-4.3.9-3.29.s390.rpm
php-devel-4.3.9-3.29.s390.rpm
php-domxml-4.3.9-3.29.s390.rpm
php-gd-4.3.9-3.29.s390.rpm
php-imap-4.3.9-3.29.s390.rpm
php-ldap-4.3.9-3.29.s390.rpm
php-mbstring-4.3.9-3.29.s390.rpm
php-mysql-4.3.9-3.29.s390.rpm
php-ncurses-4.3.9-3.29.s390.rpm
php-odbc-4.3.9-3.29.s390.rpm
php-pear-4.3.9-3.29.s390.rpm
php-pgsql-4.3.9-3.29.s390.rpm
php-snmp-4.3.9-3.29.s390.rpm
php-xmlrpc-4.3.9-3.29.s390.rpm

s390x:
php-4.3.9-3.29.s390x.rpm
php-debuginfo-4.3.9-3.29.s390x.rpm
php-devel-4.3.9-3.29.s390x.rpm
php-domxml-4.3.9-3.29.s390x.rpm
php-gd-4.3.9-3.29.s390x.rpm
php-imap-4.3.9-3.29.s390x.rpm
php-ldap-4.3.9-3.29.s390x.rpm
php-mbstring-4.3.9-3.29.s390x.rpm
php-mysql-4.3.9-3.29.s390x.rpm
php-ncurses-4.3.9-3.29.s390x.rpm
php-odbc-4.3.9-3.29.s390x.rpm
php-pear-4.3.9-3.29.s390x.rpm
php-pgsql-4.3.9-3.29.s390x.rpm
php-snmp-4.3.9-3.29.s390x.rpm
php-xmlrpc-4.3.9-3.29.s390x.rpm

x86_64:
php-4.3.9-3.29.x86_64.rpm
php-debuginfo-4.3.9-3.29.x86_64.rpm
php-devel-4.3.9-3.29.x86_64.rpm
php-domxml-4.3.9-3.29.x86_64.rpm
php-gd-4.3.9-3.29.x86_64.rpm
php-imap-4.3.9-3.29.x86_64.rpm
php-ldap-4.3.9-3.29.x86_64.rpm
php-mbstring-4.3.9-3.29.x86_64.rpm
php-mysql-4.3.9-3.29.x86_64.rpm
php-ncurses-4.3.9-3.29.x86_64.rpm
php-odbc-4.3.9-3.29.x86_64.rpm
php-pear-4.3.9-3.29.x86_64.rpm
php-pgsql-4.3.9-3.29.x86_64.rpm
php-snmp-4.3.9-3.29.x86_64.rpm
php-xmlrpc-4.3.9-3.29.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.29.src.rpm

i386:
php-4.3.9-3.29.i386.rpm
php-debuginfo-4.3.9-3.29.i386.rpm
php-devel-4.3.9-3.29.i386.rpm
php-domxml-4.3.9-3.29.i386.rpm
php-gd-4.3.9-3.29.i386.rpm
php-imap-4.3.9-3.29.i386.rpm
php-ldap-4.3.9-3.29.i386.rpm
php-mbstring-4.3.9-3.29.i386.rpm
php-mysql-4.3.9-3.29.i386.rpm
php-ncurses-4.3.9-3.29.i386.rpm
php-odbc-4.3.9-3.29.i386.rpm
php-pear-4.3.9-3.29.i386.rpm
php-pgsql-4.3.9-3.29.i386.rpm
php-snmp-4.3.9-3.29.i386.rpm
php-xmlrpc-4.3.9-3.29.i386.rpm

x86_64:
php-4.3.9-3.29.x86_64.rpm
php-debuginfo-4.3.9-3.29.x86_64.rpm
php-devel-4.3.9-3.29.x86_64.rpm
php-domxml-4.3.9-3.29.x86_64.rpm
php-gd-4.3.9-3.29.x86_64.rpm
php-imap-4.3.9-3.29.x86_64.rpm
php-ldap-4.3.9-3.29.x86_64.rpm
php-mbstring-4.3.9-3.29.x86_64.rpm
php-mysql-4.3.9-3.29.x86_64.rpm
php-ncurses-4.3.9-3.29.x86_64.rpm
php-odbc-4.3.9-3.29.x86_64.rpm
php-pear-4.3.9-3.29.x86_64.rpm
php-pgsql-4.3.9-3.29.x86_64.rpm
php-snmp-4.3.9-3.29.x86_64.rpm
php-xmlrpc-4.3.9-3.29.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.29.src.rpm

i386:
php-4.3.9-3.29.i386.rpm
php-debuginfo-4.3.9-3.29.i386.rpm
php-devel-4.3.9-3.29.i386.rpm
php-domxml-4.3.9-3.29.i386.rpm
php-gd-4.3.9-3.29.i386.rpm
php-imap-4.3.9-3.29.i386.rpm
php-ldap-4.3.9-3.29.i386.rpm
php-mbstring-4.3.9-3.29.i386.rpm
php-mysql-4.3.9-3.29.i386.rpm
php-ncurses-4.3.9-3.29.i386.rpm
php-odbc-4.3.9-3.29.i386.rpm
php-pear-4.3.9-3.29.i386.rpm
php-pgsql-4.3.9-3.29.i386.rpm
php-snmp-4.3.9-3.29.i386.rpm
php-xmlrpc-4.3.9-3.29.i386.rpm

ia64:
php-4.3.9-3.29.ia64.rpm
php-debuginfo-4.3.9-3.29.ia64.rpm
php-devel-4.3.9-3.29.ia64.rpm
php-domxml-4.3.9-3.29.ia64.rpm
php-gd-4.3.9-3.29.ia64.rpm
php-imap-4.3.9-3.29.ia64.rpm
php-ldap-4.3.9-3.29.ia64.rpm
php-mbstring-4.3.9-3.29.ia64.rpm
php-mysql-4.3.9-3.29.ia64.rpm
php-ncurses-4.3.9-3.29.ia64.rpm
php-odbc-4.3.9-3.29.ia64.rpm
php-pear-4.3.9-3.29.ia64.rpm
php-pgsql-4.3.9-3.29.ia64.rpm
php-snmp-4.3.9-3.29.ia64.rpm
php-xmlrpc-4.3.9-3.29.ia64.rpm

x86_64:
php-4.3.9-3.29.x86_64.rpm
php-debuginfo-4.3.9-3.29.x86_64.rpm
php-devel-4.3.9-3.29.x86_64.rpm
php-domxml-4.3.9-3.29.x86_64.rpm
php-gd-4.3.9-3.29.x86_64.rpm
php-imap-4.3.9-3.29.x86_64.rpm
php-ldap-4.3.9-3.29.x86_64.rpm
php-mbstring-4.3.9-3.29.x86_64.rpm
php-mysql-4.3.9-3.29.x86_64.rpm
php-ncurses-4.3.9-3.29.x86_64.rpm
php-odbc-4.3.9-3.29.x86_64.rpm
php-pear-4.3.9-3.29.x86_64.rpm
php-pgsql-4.3.9-3.29.x86_64.rpm
php-snmp-4.3.9-3.29.x86_64.rpm
php-xmlrpc-4.3.9-3.29.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.29.src.rpm

i386:
php-4.3.9-3.29.i386.rpm
php-debuginfo-4.3.9-3.29.i386.rpm
php-devel-4.3.9-3.29.i386.rpm
php-domxml-4.3.9-3.29.i386.rpm
php-gd-4.3.9-3.29.i386.rpm
php-imap-4.3.9-3.29.i386.rpm
php-ldap-4.3.9-3.29.i386.rpm
php-mbstring-4.3.9-3.29.i386.rpm
php-mysql-4.3.9-3.29.i386.rpm
php-ncurses-4.3.9-3.29.i386.rpm
php-odbc-4.3.9-3.29.i386.rpm
php-pear-4.3.9-3.29.i386.rpm
php-pgsql-4.3.9-3.29.i386.rpm
php-snmp-4.3.9-3.29.i386.rpm
php-xmlrpc-4.3.9-3.29.i386.rpm

ia64:
php-4.3.9-3.29.ia64.rpm
php-debuginfo-4.3.9-3.29.ia64.rpm
php-devel-4.3.9-3.29.ia64.rpm
php-domxml-4.3.9-3.29.ia64.rpm
php-gd-4.3.9-3.29.ia64.rpm
php-imap-4.3.9-3.29.ia64.rpm
php-ldap-4.3.9-3.29.ia64.rpm
php-mbstring-4.3.9-3.29.ia64.rpm
php-mysql-4.3.9-3.29.ia64.rpm
php-ncurses-4.3.9-3.29.ia64.rpm
php-odbc-4.3.9-3.29.ia64.rpm
php-pear-4.3.9-3.29.ia64.rpm
php-pgsql-4.3.9-3.29.ia64.rpm
php-snmp-4.3.9-3.29.ia64.rpm
php-xmlrpc-4.3.9-3.29.ia64.rpm

x86_64:
php-4.3.9-3.29.x86_64.rpm
php-debuginfo-4.3.9-3.29.x86_64.rpm
php-devel-4.3.9-3.29.x86_64.rpm
php-domxml-4.3.9-3.29.x86_64.rpm
php-gd-4.3.9-3.29.x86_64.rpm
php-imap-4.3.9-3.29.x86_64.rpm
php-ldap-4.3.9-3.29.x86_64.rpm
php-mbstring-4.3.9-3.29.x86_64.rpm
php-mysql-4.3.9-3.29.x86_64.rpm
php-ncurses-4.3.9-3.29.x86_64.rpm
php-odbc-4.3.9-3.29.x86_64.rpm
php-pear-4.3.9-3.29.x86_64.rpm
php-pgsql-4.3.9-3.29.x86_64.rpm
php-snmp-4.3.9-3.29.x86_64.rpm
php-xmlrpc-4.3.9-3.29.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-24.el5_4.5.src.rpm

i386:
php-5.1.6-24.el5_4.5.i386.rpm
php-bcmath-5.1.6-24.el5_4.5.i386.rpm
php-cli-5.1.6-24.el5_4.5.i386.rpm
php-common-5.1.6-24.el5_4.5.i386.rpm
php-dba-5.1.6-24.el5_4.5.i386.rpm
php-debuginfo-5.1.6-24.el5_4.5.i386.rpm
php-devel-5.1.6-24.el5_4.5.i386.rpm
php-gd-5.1.6-24.el5_4.5.i386.rpm
php-imap-5.1.6-24.el5_4.5.i386.rpm
php-ldap-5.1.6-24.el5_4.5.i386.rpm
php-mbstring-5.1.6-24.el5_4.5.i386.rpm
php-mysql-5.1.6-24.el5_4.5.i386.rpm
php-ncurses-5.1.6-24.el5_4.5.i386.rpm
php-odbc-5.1.6-24.el5_4.5.i386.rpm
php-pdo-5.1.6-24.el5_4.5.i386.rpm
php-pgsql-5.1.6-24.el5_4.5.i386.rpm
php-snmp-5.1.6-24.el5_4.5.i386.rpm
php-soap-5.1.6-24.el5_4.5.i386.rpm
php-xml-5.1.6-24.el5_4.5.i386.rpm
php-xmlrpc-5.1.6-24.el5_4.5.i386.rpm

x86_64:
php-5.1.6-24.el5_4.5.x86_64.rpm
php-bcmath-5.1.6-24.el5_4.5.x86_64.rpm
php-cli-5.1.6-24.el5_4.5.x86_64.rpm
php-common-5.1.6-24.el5_4.5.x86_64.rpm
php-dba-5.1.6-24.el5_4.5.x86_64.rpm
php-debuginfo-5.1.6-24.el5_4.5.x86_64.rpm
php-devel-5.1.6-24.el5_4.5.x86_64.rpm
php-gd-5.1.6-24.el5_4.5.x86_64.rpm
php-imap-5.1.6-24.el5_4.5.x86_64.rpm
php-ldap-5.1.6-24.el5_4.5.x86_64.rpm
php-mbstring-5.1.6-24.el5_4.5.x86_64.rpm
php-mysql-5.1.6-24.el5_4.5.x86_64.rpm
php-ncurses-5.1.6-24.el5_4.5.x86_64.rpm
php-odbc-5.1.6-24.el5_4.5.x86_64.rpm
php-pdo-5.1.6-24.el5_4.5.x86_64.rpm
php-pgsql-5.1.6-24.el5_4.5.x86_64.rpm
php-snmp-5.1.6-24.el5_4.5.x86_64.rpm
php-soap-5.1.6-24.el5_4.5.x86_64.rpm
php-xml-5.1.6-24.el5_4.5.x86_64.rpm
php-xmlrpc-5.1.6-24.el5_4.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-24.el5_4.5.src.rpm

i386:
php-5.1.6-24.el5_4.5.i386.rpm
php-bcmath-5.1.6-24.el5_4.5.i386.rpm
php-cli-5.1.6-24.el5_4.5.i386.rpm
php-common-5.1.6-24.el5_4.5.i386.rpm
php-dba-5.1.6-24.el5_4.5.i386.rpm
php-debuginfo-5.1.6-24.el5_4.5.i386.rpm
php-devel-5.1.6-24.el5_4.5.i386.rpm
php-gd-5.1.6-24.el5_4.5.i386.rpm
php-imap-5.1.6-24.el5_4.5.i386.rpm
php-ldap-5.1.6-24.el5_4.5.i386.rpm
php-mbstring-5.1.6-24.el5_4.5.i386.rpm
php-mysql-5.1.6-24.el5_4.5.i386.rpm
php-ncurses-5.1.6-24.el5_4.5.i386.rpm
php-odbc-5.1.6-24.el5_4.5.i386.rpm
php-pdo-5.1.6-24.el5_4.5.i386.rpm
php-pgsql-5.1.6-24.el5_4.5.i386.rpm
php-snmp-5.1.6-24.el5_4.5.i386.rpm
php-soap-5.1.6-24.el5_4.5.i386.rpm
php-xml-5.1.6-24.el5_4.5.i386.rpm
php-xmlrpc-5.1.6-24.el5_4.5.i386.rpm

ia64:
php-5.1.6-24.el5_4.5.ia64.rpm
php-bcmath-5.1.6-24.el5_4.5.ia64.rpm
php-cli-5.1.6-24.el5_4.5.ia64.rpm
php-common-5.1.6-24.el5_4.5.ia64.rpm
php-dba-5.1.6-24.el5_4.5.ia64.rpm
php-debuginfo-5.1.6-24.el5_4.5.ia64.rpm
php-devel-5.1.6-24.el5_4.5.ia64.rpm
php-gd-5.1.6-24.el5_4.5.ia64.rpm
php-imap-5.1.6-24.el5_4.5.ia64.rpm
php-ldap-5.1.6-24.el5_4.5.ia64.rpm
php-mbstring-5.1.6-24.el5_4.5.ia64.rpm
php-mysql-5.1.6-24.el5_4.5.ia64.rpm
php-ncurses-5.1.6-24.el5_4.5.ia64.rpm
php-odbc-5.1.6-24.el5_4.5.ia64.rpm
php-pdo-5.1.6-24.el5_4.5.ia64.rpm
php-pgsql-5.1.6-24.el5_4.5.ia64.rpm
php-snmp-5.1.6-24.el5_4.5.ia64.rpm
php-soap-5.1.6-24.el5_4.5.ia64.rpm
php-xml-5.1.6-24.el5_4.5.ia64.rpm
php-xmlrpc-5.1.6-24.el5_4.5.ia64.rpm

ppc:
php-5.1.6-24.el5_4.5.ppc.rpm
php-bcmath-5.1.6-24.el5_4.5.ppc.rpm
php-cli-5.1.6-24.el5_4.5.ppc.rpm
php-common-5.1.6-24.el5_4.5.ppc.rpm
php-dba-5.1.6-24.el5_4.5.ppc.rpm
php-debuginfo-5.1.6-24.el5_4.5.ppc.rpm
php-devel-5.1.6-24.el5_4.5.ppc.rpm
php-gd-5.1.6-24.el5_4.5.ppc.rpm
php-imap-5.1.6-24.el5_4.5.ppc.rpm
php-ldap-5.1.6-24.el5_4.5.ppc.rpm
php-mbstring-5.1.6-24.el5_4.5.ppc.rpm
php-mysql-5.1.6-24.el5_4.5.ppc.rpm
php-ncurses-5.1.6-24.el5_4.5.ppc.rpm
php-odbc-5.1.6-24.el5_4.5.ppc.rpm
php-pdo-5.1.6-24.el5_4.5.ppc.rpm
php-pgsql-5.1.6-24.el5_4.5.ppc.rpm
php-snmp-5.1.6-24.el5_4.5.ppc.rpm
php-soap-5.1.6-24.el5_4.5.ppc.rpm
php-xml-5.1.6-24.el5_4.5.ppc.rpm
php-xmlrpc-5.1.6-24.el5_4.5.ppc.rpm

s390x:
php-5.1.6-24.el5_4.5.s390x.rpm
php-bcmath-5.1.6-24.el5_4.5.s390x.rpm
php-cli-5.1.6-24.el5_4.5.s390x.rpm
php-common-5.1.6-24.el5_4.5.s390x.rpm
php-dba-5.1.6-24.el5_4.5.s390x.rpm
php-debuginfo-5.1.6-24.el5_4.5.s390x.rpm
php-devel-5.1.6-24.el5_4.5.s390x.rpm
php-gd-5.1.6-24.el5_4.5.s390x.rpm
php-imap-5.1.6-24.el5_4.5.s390x.rpm
php-ldap-5.1.6-24.el5_4.5.s390x.rpm
php-mbstring-5.1.6-24.el5_4.5.s390x.rpm
php-mysql-5.1.6-24.el5_4.5.s390x.rpm
php-ncurses-5.1.6-24.el5_4.5.s390x.rpm
php-odbc-5.1.6-24.el5_4.5.s390x.rpm
php-pdo-5.1.6-24.el5_4.5.s390x.rpm
php-pgsql-5.1.6-24.el5_4.5.s390x.rpm
php-snmp-5.1.6-24.el5_4.5.s390x.rpm
php-soap-5.1.6-24.el5_4.5.s390x.rpm
php-xml-5.1.6-24.el5_4.5.s390x.rpm
php-xmlrpc-5.1.6-24.el5_4.5.s390x.rpm

x86_64:
php-5.1.6-24.el5_4.5.x86_64.rpm
php-bcmath-5.1.6-24.el5_4.5.x86_64.rpm
php-cli-5.1.6-24.el5_4.5.x86_64.rpm
php-common-5.1.6-24.el5_4.5.x86_64.rpm
php-dba-5.1.6-24.el5_4.5.x86_64.rpm
php-debuginfo-5.1.6-24.el5_4.5.x86_64.rpm
php-devel-5.1.6-24.el5_4.5.x86_64.rpm
php-gd-5.1.6-24.el5_4.5.x86_64.rpm
php-imap-5.1.6-24.el5_4.5.x86_64.rpm
php-ldap-5.1.6-24.el5_4.5.x86_64.rpm
php-mbstring-5.1.6-24.el5_4.5.x86_64.rpm
php-mysql-5.1.6-24.el5_4.5.x86_64.rpm
php-ncurses-5.1.6-24.el5_4.5.x86_64.rpm
php-odbc-5.1.6-24.el5_4.5.x86_64.rpm
php-pdo-5.1.6-24.el5_4.5.x86_64.rpm
php-pgsql-5.1.6-24.el5_4.5.x86_64.rpm
php-snmp-5.1.6-24.el5_4.5.x86_64.rpm
php-soap-5.1.6-24.el5_4.5.x86_64.rpm
php-xml-5.1.6-24.el5_4.5.x86_64.rpm
php-xmlrpc-5.1.6-24.el5_4.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2687.html
https://www.redhat.com/security/data/cve/CVE-2009-3291.html
https://www.redhat.com/security/data/cve/CVE-2009-3292.html
https://www.redhat.com/security/data/cve/CVE-2009-3546.html
https://www.redhat.com/security/data/cve/CVE-2009-4017.html
https://www.redhat.com/security/data/cve/CVE-2009-4142.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLTg2fXlSAg2UNWIIRAi8NAJ0c0HSIJKwHUyXQpsADmY Vf8eFbjQCeOobl
DLxyuWEk8AIU+xyZTvnRksU=
=SALC
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
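The NUL-handling problem behind CVE-2009-3291 in the advisory above, as an added illustration (not code from the advisory or from PHP): a certificate name arrives as bytes plus a length, and a consumer that treats it as a C string stops reading at the first embedded NUL. The struct, the function names and the sample name are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as ASN.1 delivers it: bytes plus an explicit length.
   The bytes may contain NUL; nothing in the encoding forbids it. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample: 15 bytes spelling one host name, an embedded NUL,
   then a suffix under a different domain (30 bytes in total). */
static const unsigned char SAMPLE_NUL_NAME[] = "www.example.com\0.other.example";

/* Locale-independent ASCII lowercasing; host names compare case-insensitively. */
static int ascii_lower(int c)
{
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

static int ascii_ieq(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (ascii_lower(a[i]) != ascii_lower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed pattern: the stored length is ignored and the name is read as a
   C string, so everything after the first NUL is never compared.
   (Relies on the buffer being NUL-terminated, as the samples here are.) */
int match_name_cstring(const struct cert_name *name, const char *expected_host)
{
    size_t seen = strlen((const char *)name->data);
    return seen == strlen(expected_host) &&
           ascii_ieq(name->data, expected_host, seen);
}

/* Corrected pattern: use the stored length, and refuse any name that
   contains a NUL byte before comparing anything. */
int match_name_checked(const struct cert_name *name, const char *expected_host)
{
    size_t host_len = strlen(expected_host);

    if (name->len == 0 || memchr(name->data, '\0', name->len) != NULL)
        return 0;                       /* embedded NUL: never a valid host name */
    if (name->len != host_len)
        return 0;                       /* whole name must match, not a prefix */
    return ascii_ieq(name->data, expected_host, host_len);
}

int main(void)
{
    struct cert_name crafted = { SAMPLE_NUL_NAME, sizeof(SAMPLE_NUL_NAME) - 1 };
    struct cert_name honest  = { (const unsigned char *)"WWW.Example.COM", 15 };
    const char *host = "www.example.com";

    printf("crafted name, C-string compare : %d\n", match_name_cstring(&crafted, host));
    printf("crafted name, length-aware     : %d\n", match_name_checked(&crafted, host));
    printf("honest name,  length-aware     : %d\n", match_name_checked(&honest, host));
    return 0;
}
```

The two functions agree on well-formed names and differ only on the name with the embedded NUL, which is the case the updated packages address.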
 
Old 11-29-2010, 08:42 PM
 
Default Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2010:0919-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0919.html
Issue date: 2010-11-29
CVE Names: CVE-2009-5016 CVE-2010-0397 CVE-2010-1128
CVE-2010-1917 CVE-2010-2531 CVE-2010-3065
CVE-2010-3870
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

An input validation flaw was discovered in the PHP session serializer. If a
PHP script generated session variable names from untrusted user input, a
remote attacker could use this flaw to inject an arbitrary variable into
the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function
implementation. If some fatal error occurred during the execution of this
function (such as the exhaustion of memory or script execution time limit),
part of the function's output was sent to the user as script output,
possibly leading to the disclosure of sensitive information.
(CVE-2010-2531)

A numeric truncation error and an input validation flaw were found in the
way the PHP utf8_decode() function decoded partial multi-byte sequences
for some multi-byte encodings, sending them to output without them being
escaped. An attacker could use these flaws to perform a cross-site
scripting attack. (CVE-2009-5016, CVE-2010-3870)

It was discovered that the PHP lcg_value() function used insufficient
entropy to seed the pseudo-random number generator. A remote attacker could
possibly use this flaw to predict values returned by the function, which
are used to generate session identifiers by default. This update changes
the function's implementation to use more entropy during seeding.
(CVE-2010-1128)

It was discovered that the PHP fnmatch() function did not restrict the
length of the pattern argument. A remote attacker could use this flaw to
crash the PHP interpreter where a script used fnmatch() on untrusted
matching patterns. (CVE-2010-1917)

A NULL pointer dereference flaw was discovered in the PHP XML-RPC
extension. A malicious XML-RPC client or server could use this flaw to
crash the PHP interpreter via a specially-crafted XML-RPC request.
(CVE-2010-0397)

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

573779 - CVE-2010-0397 php: NULL pointer dereference in XML-RPC extension
577582 - CVE-2010-1128 php: LCG entropy weakness
617232 - CVE-2010-1917 php: fnmatch long pattern stack memory exhaustion (MOPS-2010-021)
617673 - CVE-2010-2531 php: information leak vulnerability in var_export()
619030 - CVE-2010-3065 php: session serializer session data injection vulnerability (MOPS-2010-060)
649056 - CVE-2010-3870 php: XSS mitigation bypass via utf8_decode()
652836 - CVE-2009-5016 php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.31.src.rpm

i386:
php-4.3.9-3.31.i386.rpm
php-debuginfo-4.3.9-3.31.i386.rpm
php-devel-4.3.9-3.31.i386.rpm
php-domxml-4.3.9-3.31.i386.rpm
php-gd-4.3.9-3.31.i386.rpm
php-imap-4.3.9-3.31.i386.rpm
php-ldap-4.3.9-3.31.i386.rpm
php-mbstring-4.3.9-3.31.i386.rpm
php-mysql-4.3.9-3.31.i386.rpm
php-ncurses-4.3.9-3.31.i386.rpm
php-odbc-4.3.9-3.31.i386.rpm
php-pear-4.3.9-3.31.i386.rpm
php-pgsql-4.3.9-3.31.i386.rpm
php-snmp-4.3.9-3.31.i386.rpm
php-xmlrpc-4.3.9-3.31.i386.rpm

ia64:
php-4.3.9-3.31.ia64.rpm
php-debuginfo-4.3.9-3.31.ia64.rpm
php-devel-4.3.9-3.31.ia64.rpm
php-domxml-4.3.9-3.31.ia64.rpm
php-gd-4.3.9-3.31.ia64.rpm
php-imap-4.3.9-3.31.ia64.rpm
php-ldap-4.3.9-3.31.ia64.rpm
php-mbstring-4.3.9-3.31.ia64.rpm
php-mysql-4.3.9-3.31.ia64.rpm
php-ncurses-4.3.9-3.31.ia64.rpm
php-odbc-4.3.9-3.31.ia64.rpm
php-pear-4.3.9-3.31.ia64.rpm
php-pgsql-4.3.9-3.31.ia64.rpm
php-snmp-4.3.9-3.31.ia64.rpm
php-xmlrpc-4.3.9-3.31.ia64.rpm

ppc:
php-4.3.9-3.31.ppc.rpm
php-debuginfo-4.3.9-3.31.ppc.rpm
php-devel-4.3.9-3.31.ppc.rpm
php-domxml-4.3.9-3.31.ppc.rpm
php-gd-4.3.9-3.31.ppc.rpm
php-imap-4.3.9-3.31.ppc.rpm
php-ldap-4.3.9-3.31.ppc.rpm
php-mbstring-4.3.9-3.31.ppc.rpm
php-mysql-4.3.9-3.31.ppc.rpm
php-ncurses-4.3.9-3.31.ppc.rpm
php-odbc-4.3.9-3.31.ppc.rpm
php-pear-4.3.9-3.31.ppc.rpm
php-pgsql-4.3.9-3.31.ppc.rpm
php-snmp-4.3.9-3.31.ppc.rpm
php-xmlrpc-4.3.9-3.31.ppc.rpm

s390:
php-4.3.9-3.31.s390.rpm
php-debuginfo-4.3.9-3.31.s390.rpm
php-devel-4.3.9-3.31.s390.rpm
php-domxml-4.3.9-3.31.s390.rpm
php-gd-4.3.9-3.31.s390.rpm
php-imap-4.3.9-3.31.s390.rpm
php-ldap-4.3.9-3.31.s390.rpm
php-mbstring-4.3.9-3.31.s390.rpm
php-mysql-4.3.9-3.31.s390.rpm
php-ncurses-4.3.9-3.31.s390.rpm
php-odbc-4.3.9-3.31.s390.rpm
php-pear-4.3.9-3.31.s390.rpm
php-pgsql-4.3.9-3.31.s390.rpm
php-snmp-4.3.9-3.31.s390.rpm
php-xmlrpc-4.3.9-3.31.s390.rpm

s390x:
php-4.3.9-3.31.s390x.rpm
php-debuginfo-4.3.9-3.31.s390x.rpm
php-devel-4.3.9-3.31.s390x.rpm
php-domxml-4.3.9-3.31.s390x.rpm
php-gd-4.3.9-3.31.s390x.rpm
php-imap-4.3.9-3.31.s390x.rpm
php-ldap-4.3.9-3.31.s390x.rpm
php-mbstring-4.3.9-3.31.s390x.rpm
php-mysql-4.3.9-3.31.s390x.rpm
php-ncurses-4.3.9-3.31.s390x.rpm
php-odbc-4.3.9-3.31.s390x.rpm
php-pear-4.3.9-3.31.s390x.rpm
php-pgsql-4.3.9-3.31.s390x.rpm
php-snmp-4.3.9-3.31.s390x.rpm
php-xmlrpc-4.3.9-3.31.s390x.rpm

x86_64:
php-4.3.9-3.31.x86_64.rpm
php-debuginfo-4.3.9-3.31.x86_64.rpm
php-devel-4.3.9-3.31.x86_64.rpm
php-domxml-4.3.9-3.31.x86_64.rpm
php-gd-4.3.9-3.31.x86_64.rpm
php-imap-4.3.9-3.31.x86_64.rpm
php-ldap-4.3.9-3.31.x86_64.rpm
php-mbstring-4.3.9-3.31.x86_64.rpm
php-mysql-4.3.9-3.31.x86_64.rpm
php-ncurses-4.3.9-3.31.x86_64.rpm
php-odbc-4.3.9-3.31.x86_64.rpm
php-pear-4.3.9-3.31.x86_64.rpm
php-pgsql-4.3.9-3.31.x86_64.rpm
php-snmp-4.3.9-3.31.x86_64.rpm
php-xmlrpc-4.3.9-3.31.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.31.src.rpm

i386:
php-4.3.9-3.31.i386.rpm
php-debuginfo-4.3.9-3.31.i386.rpm
php-devel-4.3.9-3.31.i386.rpm
php-domxml-4.3.9-3.31.i386.rpm
php-gd-4.3.9-3.31.i386.rpm
php-imap-4.3.9-3.31.i386.rpm
php-ldap-4.3.9-3.31.i386.rpm
php-mbstring-4.3.9-3.31.i386.rpm
php-mysql-4.3.9-3.31.i386.rpm
php-ncurses-4.3.9-3.31.i386.rpm
php-odbc-4.3.9-3.31.i386.rpm
php-pear-4.3.9-3.31.i386.rpm
php-pgsql-4.3.9-3.31.i386.rpm
php-snmp-4.3.9-3.31.i386.rpm
php-xmlrpc-4.3.9-3.31.i386.rpm

x86_64:
php-4.3.9-3.31.x86_64.rpm
php-debuginfo-4.3.9-3.31.x86_64.rpm
php-devel-4.3.9-3.31.x86_64.rpm
php-domxml-4.3.9-3.31.x86_64.rpm
php-gd-4.3.9-3.31.x86_64.rpm
php-imap-4.3.9-3.31.x86_64.rpm
php-ldap-4.3.9-3.31.x86_64.rpm
php-mbstring-4.3.9-3.31.x86_64.rpm
php-mysql-4.3.9-3.31.x86_64.rpm
php-ncurses-4.3.9-3.31.x86_64.rpm
php-odbc-4.3.9-3.31.x86_64.rpm
php-pear-4.3.9-3.31.x86_64.rpm
php-pgsql-4.3.9-3.31.x86_64.rpm
php-snmp-4.3.9-3.31.x86_64.rpm
php-xmlrpc-4.3.9-3.31.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.31.src.rpm

i386:
php-4.3.9-3.31.i386.rpm
php-debuginfo-4.3.9-3.31.i386.rpm
php-devel-4.3.9-3.31.i386.rpm
php-domxml-4.3.9-3.31.i386.rpm
php-gd-4.3.9-3.31.i386.rpm
php-imap-4.3.9-3.31.i386.rpm
php-ldap-4.3.9-3.31.i386.rpm
php-mbstring-4.3.9-3.31.i386.rpm
php-mysql-4.3.9-3.31.i386.rpm
php-ncurses-4.3.9-3.31.i386.rpm
php-odbc-4.3.9-3.31.i386.rpm
php-pear-4.3.9-3.31.i386.rpm
php-pgsql-4.3.9-3.31.i386.rpm
php-snmp-4.3.9-3.31.i386.rpm
php-xmlrpc-4.3.9-3.31.i386.rpm

ia64:
php-4.3.9-3.31.ia64.rpm
php-debuginfo-4.3.9-3.31.ia64.rpm
php-devel-4.3.9-3.31.ia64.rpm
php-domxml-4.3.9-3.31.ia64.rpm
php-gd-4.3.9-3.31.ia64.rpm
php-imap-4.3.9-3.31.ia64.rpm
php-ldap-4.3.9-3.31.ia64.rpm
php-mbstring-4.3.9-3.31.ia64.rpm
php-mysql-4.3.9-3.31.ia64.rpm
php-ncurses-4.3.9-3.31.ia64.rpm
php-odbc-4.3.9-3.31.ia64.rpm
php-pear-4.3.9-3.31.ia64.rpm
php-pgsql-4.3.9-3.31.ia64.rpm
php-snmp-4.3.9-3.31.ia64.rpm
php-xmlrpc-4.3.9-3.31.ia64.rpm

x86_64:
php-4.3.9-3.31.x86_64.rpm
php-debuginfo-4.3.9-3.31.x86_64.rpm
php-devel-4.3.9-3.31.x86_64.rpm
php-domxml-4.3.9-3.31.x86_64.rpm
php-gd-4.3.9-3.31.x86_64.rpm
php-imap-4.3.9-3.31.x86_64.rpm
php-ldap-4.3.9-3.31.x86_64.rpm
php-mbstring-4.3.9-3.31.x86_64.rpm
php-mysql-4.3.9-3.31.x86_64.rpm
php-ncurses-4.3.9-3.31.x86_64.rpm
php-odbc-4.3.9-3.31.x86_64.rpm
php-pear-4.3.9-3.31.x86_64.rpm
php-pgsql-4.3.9-3.31.x86_64.rpm
php-snmp-4.3.9-3.31.x86_64.rpm
php-xmlrpc-4.3.9-3.31.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.31.src.rpm

i386:
php-4.3.9-3.31.i386.rpm
php-debuginfo-4.3.9-3.31.i386.rpm
php-devel-4.3.9-3.31.i386.rpm
php-domxml-4.3.9-3.31.i386.rpm
php-gd-4.3.9-3.31.i386.rpm
php-imap-4.3.9-3.31.i386.rpm
php-ldap-4.3.9-3.31.i386.rpm
php-mbstring-4.3.9-3.31.i386.rpm
php-mysql-4.3.9-3.31.i386.rpm
php-ncurses-4.3.9-3.31.i386.rpm
php-odbc-4.3.9-3.31.i386.rpm
php-pear-4.3.9-3.31.i386.rpm
php-pgsql-4.3.9-3.31.i386.rpm
php-snmp-4.3.9-3.31.i386.rpm
php-xmlrpc-4.3.9-3.31.i386.rpm

ia64:
php-4.3.9-3.31.ia64.rpm
php-debuginfo-4.3.9-3.31.ia64.rpm
php-devel-4.3.9-3.31.ia64.rpm
php-domxml-4.3.9-3.31.ia64.rpm
php-gd-4.3.9-3.31.ia64.rpm
php-imap-4.3.9-3.31.ia64.rpm
php-ldap-4.3.9-3.31.ia64.rpm
php-mbstring-4.3.9-3.31.ia64.rpm
php-mysql-4.3.9-3.31.ia64.rpm
php-ncurses-4.3.9-3.31.ia64.rpm
php-odbc-4.3.9-3.31.ia64.rpm
php-pear-4.3.9-3.31.ia64.rpm
php-pgsql-4.3.9-3.31.ia64.rpm
php-snmp-4.3.9-3.31.ia64.rpm
php-xmlrpc-4.3.9-3.31.ia64.rpm

x86_64:
php-4.3.9-3.31.x86_64.rpm
php-debuginfo-4.3.9-3.31.x86_64.rpm
php-devel-4.3.9-3.31.x86_64.rpm
php-domxml-4.3.9-3.31.x86_64.rpm
php-gd-4.3.9-3.31.x86_64.rpm
php-imap-4.3.9-3.31.x86_64.rpm
php-ldap-4.3.9-3.31.x86_64.rpm
php-mbstring-4.3.9-3.31.x86_64.rpm
php-mysql-4.3.9-3.31.x86_64.rpm
php-ncurses-4.3.9-3.31.x86_64.rpm
php-odbc-4.3.9-3.31.x86_64.rpm
php-pear-4.3.9-3.31.x86_64.rpm
php-pgsql-4.3.9-3.31.x86_64.rpm
php-snmp-4.3.9-3.31.x86_64.rpm
php-xmlrpc-4.3.9-3.31.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-27.el5_5.3.src.rpm

i386:
php-5.1.6-27.el5_5.3.i386.rpm
php-bcmath-5.1.6-27.el5_5.3.i386.rpm
php-cli-5.1.6-27.el5_5.3.i386.rpm
php-common-5.1.6-27.el5_5.3.i386.rpm
php-dba-5.1.6-27.el5_5.3.i386.rpm
php-debuginfo-5.1.6-27.el5_5.3.i386.rpm
php-devel-5.1.6-27.el5_5.3.i386.rpm
php-gd-5.1.6-27.el5_5.3.i386.rpm
php-imap-5.1.6-27.el5_5.3.i386.rpm
php-ldap-5.1.6-27.el5_5.3.i386.rpm
php-mbstring-5.1.6-27.el5_5.3.i386.rpm
php-mysql-5.1.6-27.el5_5.3.i386.rpm
php-ncurses-5.1.6-27.el5_5.3.i386.rpm
php-odbc-5.1.6-27.el5_5.3.i386.rpm
php-pdo-5.1.6-27.el5_5.3.i386.rpm
php-pgsql-5.1.6-27.el5_5.3.i386.rpm
php-snmp-5.1.6-27.el5_5.3.i386.rpm
php-soap-5.1.6-27.el5_5.3.i386.rpm
php-xml-5.1.6-27.el5_5.3.i386.rpm
php-xmlrpc-5.1.6-27.el5_5.3.i386.rpm

x86_64:
php-5.1.6-27.el5_5.3.x86_64.rpm
php-bcmath-5.1.6-27.el5_5.3.x86_64.rpm
php-cli-5.1.6-27.el5_5.3.x86_64.rpm
php-common-5.1.6-27.el5_5.3.x86_64.rpm
php-dba-5.1.6-27.el5_5.3.x86_64.rpm
php-debuginfo-5.1.6-27.el5_5.3.x86_64.rpm
php-devel-5.1.6-27.el5_5.3.x86_64.rpm
php-gd-5.1.6-27.el5_5.3.x86_64.rpm
php-imap-5.1.6-27.el5_5.3.x86_64.rpm
php-ldap-5.1.6-27.el5_5.3.x86_64.rpm
php-mbstring-5.1.6-27.el5_5.3.x86_64.rpm
php-mysql-5.1.6-27.el5_5.3.x86_64.rpm
php-ncurses-5.1.6-27.el5_5.3.x86_64.rpm
php-odbc-5.1.6-27.el5_5.3.x86_64.rpm
php-pdo-5.1.6-27.el5_5.3.x86_64.rpm
php-pgsql-5.1.6-27.el5_5.3.x86_64.rpm
php-snmp-5.1.6-27.el5_5.3.x86_64.rpm
php-soap-5.1.6-27.el5_5.3.x86_64.rpm
php-xml-5.1.6-27.el5_5.3.x86_64.rpm
php-xmlrpc-5.1.6-27.el5_5.3.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-27.el5_5.3.src.rpm

i386:
php-5.1.6-27.el5_5.3.i386.rpm
php-bcmath-5.1.6-27.el5_5.3.i386.rpm
php-cli-5.1.6-27.el5_5.3.i386.rpm
php-common-5.1.6-27.el5_5.3.i386.rpm
php-dba-5.1.6-27.el5_5.3.i386.rpm
php-debuginfo-5.1.6-27.el5_5.3.i386.rpm
php-devel-5.1.6-27.el5_5.3.i386.rpm
php-gd-5.1.6-27.el5_5.3.i386.rpm
php-imap-5.1.6-27.el5_5.3.i386.rpm
php-ldap-5.1.6-27.el5_5.3.i386.rpm
php-mbstring-5.1.6-27.el5_5.3.i386.rpm
php-mysql-5.1.6-27.el5_5.3.i386.rpm
php-ncurses-5.1.6-27.el5_5.3.i386.rpm
php-odbc-5.1.6-27.el5_5.3.i386.rpm
php-pdo-5.1.6-27.el5_5.3.i386.rpm
php-pgsql-5.1.6-27.el5_5.3.i386.rpm
php-snmp-5.1.6-27.el5_5.3.i386.rpm
php-soap-5.1.6-27.el5_5.3.i386.rpm
php-xml-5.1.6-27.el5_5.3.i386.rpm
php-xmlrpc-5.1.6-27.el5_5.3.i386.rpm

ia64:
php-5.1.6-27.el5_5.3.ia64.rpm
php-bcmath-5.1.6-27.el5_5.3.ia64.rpm
php-cli-5.1.6-27.el5_5.3.ia64.rpm
php-common-5.1.6-27.el5_5.3.ia64.rpm
php-dba-5.1.6-27.el5_5.3.ia64.rpm
php-debuginfo-5.1.6-27.el5_5.3.ia64.rpm
php-devel-5.1.6-27.el5_5.3.ia64.rpm
php-gd-5.1.6-27.el5_5.3.ia64.rpm
php-imap-5.1.6-27.el5_5.3.ia64.rpm
php-ldap-5.1.6-27.el5_5.3.ia64.rpm
php-mbstring-5.1.6-27.el5_5.3.ia64.rpm
php-mysql-5.1.6-27.el5_5.3.ia64.rpm
php-ncurses-5.1.6-27.el5_5.3.ia64.rpm
php-odbc-5.1.6-27.el5_5.3.ia64.rpm
php-pdo-5.1.6-27.el5_5.3.ia64.rpm
php-pgsql-5.1.6-27.el5_5.3.ia64.rpm
php-snmp-5.1.6-27.el5_5.3.ia64.rpm
php-soap-5.1.6-27.el5_5.3.ia64.rpm
php-xml-5.1.6-27.el5_5.3.ia64.rpm
php-xmlrpc-5.1.6-27.el5_5.3.ia64.rpm

ppc:
php-5.1.6-27.el5_5.3.ppc.rpm
php-bcmath-5.1.6-27.el5_5.3.ppc.rpm
php-cli-5.1.6-27.el5_5.3.ppc.rpm
php-common-5.1.6-27.el5_5.3.ppc.rpm
php-dba-5.1.6-27.el5_5.3.ppc.rpm
php-debuginfo-5.1.6-27.el5_5.3.ppc.rpm
php-devel-5.1.6-27.el5_5.3.ppc.rpm
php-gd-5.1.6-27.el5_5.3.ppc.rpm
php-imap-5.1.6-27.el5_5.3.ppc.rpm
php-ldap-5.1.6-27.el5_5.3.ppc.rpm
php-mbstring-5.1.6-27.el5_5.3.ppc.rpm
php-mysql-5.1.6-27.el5_5.3.ppc.rpm
php-ncurses-5.1.6-27.el5_5.3.ppc.rpm
php-odbc-5.1.6-27.el5_5.3.ppc.rpm
php-pdo-5.1.6-27.el5_5.3.ppc.rpm
php-pgsql-5.1.6-27.el5_5.3.ppc.rpm
php-snmp-5.1.6-27.el5_5.3.ppc.rpm
php-soap-5.1.6-27.el5_5.3.ppc.rpm
php-xml-5.1.6-27.el5_5.3.ppc.rpm
php-xmlrpc-5.1.6-27.el5_5.3.ppc.rpm

s390x:
php-5.1.6-27.el5_5.3.s390x.rpm
php-bcmath-5.1.6-27.el5_5.3.s390x.rpm
php-cli-5.1.6-27.el5_5.3.s390x.rpm
php-common-5.1.6-27.el5_5.3.s390x.rpm
php-dba-5.1.6-27.el5_5.3.s390x.rpm
php-debuginfo-5.1.6-27.el5_5.3.s390x.rpm
php-devel-5.1.6-27.el5_5.3.s390x.rpm
php-gd-5.1.6-27.el5_5.3.s390x.rpm
php-imap-5.1.6-27.el5_5.3.s390x.rpm
php-ldap-5.1.6-27.el5_5.3.s390x.rpm
php-mbstring-5.1.6-27.el5_5.3.s390x.rpm
php-mysql-5.1.6-27.el5_5.3.s390x.rpm
php-ncurses-5.1.6-27.el5_5.3.s390x.rpm
php-odbc-5.1.6-27.el5_5.3.s390x.rpm
php-pdo-5.1.6-27.el5_5.3.s390x.rpm
php-pgsql-5.1.6-27.el5_5.3.s390x.rpm
php-snmp-5.1.6-27.el5_5.3.s390x.rpm
php-soap-5.1.6-27.el5_5.3.s390x.rpm
php-xml-5.1.6-27.el5_5.3.s390x.rpm
php-xmlrpc-5.1.6-27.el5_5.3.s390x.rpm

x86_64:
php-5.1.6-27.el5_5.3.x86_64.rpm
php-bcmath-5.1.6-27.el5_5.3.x86_64.rpm
php-cli-5.1.6-27.el5_5.3.x86_64.rpm
php-common-5.1.6-27.el5_5.3.x86_64.rpm
php-dba-5.1.6-27.el5_5.3.x86_64.rpm
php-debuginfo-5.1.6-27.el5_5.3.x86_64.rpm
php-devel-5.1.6-27.el5_5.3.x86_64.rpm
php-gd-5.1.6-27.el5_5.3.x86_64.rpm
php-imap-5.1.6-27.el5_5.3.x86_64.rpm
php-ldap-5.1.6-27.el5_5.3.x86_64.rpm
php-mbstring-5.1.6-27.el5_5.3.x86_64.rpm
php-mysql-5.1.6-27.el5_5.3.x86_64.rpm
php-ncurses-5.1.6-27.el5_5.3.x86_64.rpm
php-odbc-5.1.6-27.el5_5.3.x86_64.rpm
php-pdo-5.1.6-27.el5_5.3.x86_64.rpm
php-pgsql-5.1.6-27.el5_5.3.x86_64.rpm
php-snmp-5.1.6-27.el5_5.3.x86_64.rpm
php-soap-5.1.6-27.el5_5.3.x86_64.rpm
php-xml-5.1.6-27.el5_5.3.x86_64.rpm
php-xmlrpc-5.1.6-27.el5_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-5016.html
https://www.redhat.com/security/data/cve/CVE-2010-0397.html
https://www.redhat.com/security/data/cve/CVE-2010-1128.html
https://www.redhat.com/security/data/cve/CVE-2010-1917.html
https://www.redhat.com/security/data/cve/CVE-2010-2531.html
https://www.redhat.com/security/data/cve/CVE-2010-3065.html
https://www.redhat.com/security/data/cve/CVE-2010-3870.html
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM9B4uXlSAg2UNWIIRAtgBAJwONIvgqNaAhnt5o6xZL6 NEfRINjwCbBOqb
pl5q85Dktazh8MJSGYxiOS0=
=1XjU
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
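Added example, not part of the advisory above and not Red Hat tooling: a Python check that compares installed php builds with the fixed build named in that advisory's package list (php-5.1.6-27.el5_5.3). The inventory lines are constructed sample data, and the comparison assumes equal epochs and no `~` or `^` in versions.

```python
"""Check installed php builds against an advisory's fixed build.

Added illustration, not Red Hat tooling. rpmvercmp() follows the classic
RPM segment comparison; epochs and the '~' / '^' operators are not handled.
"""
import re

ARCHES = {"i386", "i686", "ia64", "ppc", "ppc64", "s390", "s390x",
          "x86_64", "noarch", "src"}
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

# Fixed build and binary package names, taken from the advisory's RHEL 5 list.
FIXED_BUILD = "php-5.1.6-27.el5_5.3"
ADVISORY_PACKAGES = {"php"} | {"php-" + s for s in (
    "bcmath cli common dba debuginfo devel gd imap ldap mbstring mysql "
    "ncurses odbc pdo pgsql snmp soap xml xmlrpc").split()}

# Constructed sample inventory (as `rpm -qa` would print it).
INVENTORY = [
    "php-5.1.6-27.el5.x86_64",
    "php-cli-5.1.6-27.el5_5.3.x86_64",
    "php-gd-5.1.6-24.el5_4.5.x86_64",
    "php-common-5.1.6-27.el5_7.4.x86_64",
    "php-pear-1.4.9-6.el5.noarch",   # not in the advisory list: ignored
]


def rpmvercmp(a, b):
    """Return -1, 0 or 1 as version/release string a is older/same/newer."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as ints
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def parse_nvr(filename):
    """Split 'php-gd-5.1.6-27.el5_5.3.x86_64.rpm' into (name, ver, rel)."""
    stem = filename[:-4] if filename.endswith(".rpm") else filename
    head, _, arch = stem.rpartition(".")
    if arch in ARCHES:
        stem = head
    name, version, release = stem.rsplit("-", 2)
    return name, version, release


def is_fixed(installed, fixed):
    """True if the installed package is at or above the fixed build."""
    _, inst_ver, inst_rel = parse_nvr(installed)
    _, fix_ver, fix_rel = parse_nvr(fixed)
    by_version = rpmvercmp(inst_ver, fix_ver)
    return by_version > 0 or (by_version == 0
                              and rpmvercmp(inst_rel, fix_rel) >= 0)


def audit(inventory, fixed=FIXED_BUILD, names=ADVISORY_PACKAGES):
    """Return the inventory entries that still need the update."""
    return [pkg for pkg in inventory
            if parse_nvr(pkg)[0] in names and not is_fixed(pkg, fixed)]


if __name__ == "__main__":
    for pkg in audit(INVENTORY):
        print("needs update:", pkg)
```

Later advisories in this thread ship newer RHEL 5 builds, so the same check should be rerun with the most recent fixed build that applies to the host.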
 
02-03-2011, 07:21 PM

Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2011:0195-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0195.html
Issue date: 2011-02-03
CVE Names: CVE-2009-5016 CVE-2010-3709 CVE-2010-3870
CVE-2010-4645
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A flaw was found in the way PHP converted certain floating point values
from string representation to a number. If a PHP script evaluated an
attacker's input in a numeric context, the PHP interpreter could cause high
CPU usage until the script execution time limit is reached. This issue only
affected i386 systems. (CVE-2010-4645)

A numeric truncation error and an input validation flaw were found in the
way the PHP utf8_decode() function decoded partial multi-byte sequences
for some multi-byte encodings, sending them to output without them being
escaped. An attacker could use these flaws to perform a cross-site
scripting attack. (CVE-2009-5016, CVE-2010-3870)

A NULL pointer dereference flaw was found in the PHP
ZipArchive::getArchiveComment function. If a script used this function to
inspect a specially-crafted ZIP archive file, it could cause the PHP
interpreter to crash. (CVE-2010-3709)

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

649056 - CVE-2010-3870 php: XSS mitigation bypass via utf8_decode()
651206 - CVE-2010-3709 php: NULL pointer dereference in ZipArchive::getArchiveComment
652836 - CVE-2009-5016 php: XSS and SQL injection bypass via crafted overlong UTF-8 encoded string
667806 - CVE-2010-4645 php: hang on numeric value 2.2250738585072011e-308 with x87 fpu

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.2-6.el6_0.1.src.rpm

i386:
php-5.3.2-6.el6_0.1.i686.rpm
php-bcmath-5.3.2-6.el6_0.1.i686.rpm
php-cli-5.3.2-6.el6_0.1.i686.rpm
php-common-5.3.2-6.el6_0.1.i686.rpm
php-dba-5.3.2-6.el6_0.1.i686.rpm
php-debuginfo-5.3.2-6.el6_0.1.i686.rpm
php-devel-5.3.2-6.el6_0.1.i686.rpm
php-embedded-5.3.2-6.el6_0.1.i686.rpm
php-enchant-5.3.2-6.el6_0.1.i686.rpm
php-gd-5.3.2-6.el6_0.1.i686.rpm
php-imap-5.3.2-6.el6_0.1.i686.rpm
php-intl-5.3.2-6.el6_0.1.i686.rpm
php-ldap-5.3.2-6.el6_0.1.i686.rpm
php-mbstring-5.3.2-6.el6_0.1.i686.rpm
php-mysql-5.3.2-6.el6_0.1.i686.rpm
php-odbc-5.3.2-6.el6_0.1.i686.rpm
php-pdo-5.3.2-6.el6_0.1.i686.rpm
php-pgsql-5.3.2-6.el6_0.1.i686.rpm
php-process-5.3.2-6.el6_0.1.i686.rpm
php-pspell-5.3.2-6.el6_0.1.i686.rpm
php-recode-5.3.2-6.el6_0.1.i686.rpm
php-snmp-5.3.2-6.el6_0.1.i686.rpm
php-soap-5.3.2-6.el6_0.1.i686.rpm
php-tidy-5.3.2-6.el6_0.1.i686.rpm
php-xml-5.3.2-6.el6_0.1.i686.rpm
php-xmlrpc-5.3.2-6.el6_0.1.i686.rpm
php-zts-5.3.2-6.el6_0.1.i686.rpm

x86_64:
php-5.3.2-6.el6_0.1.x86_64.rpm
php-bcmath-5.3.2-6.el6_0.1.x86_64.rpm
php-cli-5.3.2-6.el6_0.1.x86_64.rpm
php-common-5.3.2-6.el6_0.1.x86_64.rpm
php-dba-5.3.2-6.el6_0.1.x86_64.rpm
php-debuginfo-5.3.2-6.el6_0.1.x86_64.rpm
php-devel-5.3.2-6.el6_0.1.x86_64.rpm
php-embedded-5.3.2-6.el6_0.1.x86_64.rpm
php-enchant-5.3.2-6.el6_0.1.x86_64.rpm
php-gd-5.3.2-6.el6_0.1.x86_64.rpm
php-imap-5.3.2-6.el6_0.1.x86_64.rpm
php-intl-5.3.2-6.el6_0.1.x86_64.rpm
php-ldap-5.3.2-6.el6_0.1.x86_64.rpm
php-mbstring-5.3.2-6.el6_0.1.x86_64.rpm
php-mysql-5.3.2-6.el6_0.1.x86_64.rpm
php-odbc-5.3.2-6.el6_0.1.x86_64.rpm
php-pdo-5.3.2-6.el6_0.1.x86_64.rpm
php-pgsql-5.3.2-6.el6_0.1.x86_64.rpm
php-process-5.3.2-6.el6_0.1.x86_64.rpm
php-pspell-5.3.2-6.el6_0.1.x86_64.rpm
php-recode-5.3.2-6.el6_0.1.x86_64.rpm
php-snmp-5.3.2-6.el6_0.1.x86_64.rpm
php-soap-5.3.2-6.el6_0.1.x86_64.rpm
php-tidy-5.3.2-6.el6_0.1.x86_64.rpm
php-xml-5.3.2-6.el6_0.1.x86_64.rpm
php-xmlrpc-5.3.2-6.el6_0.1.x86_64.rpm
php-zts-5.3.2-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.2-6.el6_0.1.src.rpm

x86_64:
php-5.3.2-6.el6_0.1.x86_64.rpm
php-bcmath-5.3.2-6.el6_0.1.x86_64.rpm
php-cli-5.3.2-6.el6_0.1.x86_64.rpm
php-common-5.3.2-6.el6_0.1.x86_64.rpm
php-dba-5.3.2-6.el6_0.1.x86_64.rpm
php-debuginfo-5.3.2-6.el6_0.1.x86_64.rpm
php-devel-5.3.2-6.el6_0.1.x86_64.rpm
php-embedded-5.3.2-6.el6_0.1.x86_64.rpm
php-enchant-5.3.2-6.el6_0.1.x86_64.rpm
php-gd-5.3.2-6.el6_0.1.x86_64.rpm
php-imap-5.3.2-6.el6_0.1.x86_64.rpm
php-intl-5.3.2-6.el6_0.1.x86_64.rpm
php-ldap-5.3.2-6.el6_0.1.x86_64.rpm
php-mbstring-5.3.2-6.el6_0.1.x86_64.rpm
php-mysql-5.3.2-6.el6_0.1.x86_64.rpm
php-odbc-5.3.2-6.el6_0.1.x86_64.rpm
php-pdo-5.3.2-6.el6_0.1.x86_64.rpm
php-pgsql-5.3.2-6.el6_0.1.x86_64.rpm
php-process-5.3.2-6.el6_0.1.x86_64.rpm
php-pspell-5.3.2-6.el6_0.1.x86_64.rpm
php-recode-5.3.2-6.el6_0.1.x86_64.rpm
php-snmp-5.3.2-6.el6_0.1.x86_64.rpm
php-soap-5.3.2-6.el6_0.1.x86_64.rpm
php-tidy-5.3.2-6.el6_0.1.x86_64.rpm
php-xml-5.3.2-6.el6_0.1.x86_64.rpm
php-xmlrpc-5.3.2-6.el6_0.1.x86_64.rpm
php-zts-5.3.2-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.2-6.el6_0.1.src.rpm

i386:
php-5.3.2-6.el6_0.1.i686.rpm
php-cli-5.3.2-6.el6_0.1.i686.rpm
php-common-5.3.2-6.el6_0.1.i686.rpm
php-debuginfo-5.3.2-6.el6_0.1.i686.rpm
php-gd-5.3.2-6.el6_0.1.i686.rpm
php-ldap-5.3.2-6.el6_0.1.i686.rpm
php-mysql-5.3.2-6.el6_0.1.i686.rpm
php-odbc-5.3.2-6.el6_0.1.i686.rpm
php-pdo-5.3.2-6.el6_0.1.i686.rpm
php-pgsql-5.3.2-6.el6_0.1.i686.rpm
php-soap-5.3.2-6.el6_0.1.i686.rpm
php-xml-5.3.2-6.el6_0.1.i686.rpm
php-xmlrpc-5.3.2-6.el6_0.1.i686.rpm

ppc64:
php-5.3.2-6.el6_0.1.ppc64.rpm
php-cli-5.3.2-6.el6_0.1.ppc64.rpm
php-common-5.3.2-6.el6_0.1.ppc64.rpm
php-debuginfo-5.3.2-6.el6_0.1.ppc64.rpm
php-gd-5.3.2-6.el6_0.1.ppc64.rpm
php-ldap-5.3.2-6.el6_0.1.ppc64.rpm
php-mysql-5.3.2-6.el6_0.1.ppc64.rpm
php-odbc-5.3.2-6.el6_0.1.ppc64.rpm
php-pdo-5.3.2-6.el6_0.1.ppc64.rpm
php-pgsql-5.3.2-6.el6_0.1.ppc64.rpm
php-soap-5.3.2-6.el6_0.1.ppc64.rpm
php-xml-5.3.2-6.el6_0.1.ppc64.rpm
php-xmlrpc-5.3.2-6.el6_0.1.ppc64.rpm

s390x:
php-5.3.2-6.el6_0.1.s390x.rpm
php-cli-5.3.2-6.el6_0.1.s390x.rpm
php-common-5.3.2-6.el6_0.1.s390x.rpm
php-debuginfo-5.3.2-6.el6_0.1.s390x.rpm
php-gd-5.3.2-6.el6_0.1.s390x.rpm
php-ldap-5.3.2-6.el6_0.1.s390x.rpm
php-mysql-5.3.2-6.el6_0.1.s390x.rpm
php-odbc-5.3.2-6.el6_0.1.s390x.rpm
php-pdo-5.3.2-6.el6_0.1.s390x.rpm
php-pgsql-5.3.2-6.el6_0.1.s390x.rpm
php-soap-5.3.2-6.el6_0.1.s390x.rpm
php-xml-5.3.2-6.el6_0.1.s390x.rpm
php-xmlrpc-5.3.2-6.el6_0.1.s390x.rpm

x86_64:
php-5.3.2-6.el6_0.1.x86_64.rpm
php-cli-5.3.2-6.el6_0.1.x86_64.rpm
php-common-5.3.2-6.el6_0.1.x86_64.rpm
php-debuginfo-5.3.2-6.el6_0.1.x86_64.rpm
php-gd-5.3.2-6.el6_0.1.x86_64.rpm
php-ldap-5.3.2-6.el6_0.1.x86_64.rpm
php-mysql-5.3.2-6.el6_0.1.x86_64.rpm
php-odbc-5.3.2-6.el6_0.1.x86_64.rpm
php-pdo-5.3.2-6.el6_0.1.x86_64.rpm
php-pgsql-5.3.2-6.el6_0.1.x86_64.rpm
php-soap-5.3.2-6.el6_0.1.x86_64.rpm
php-xml-5.3.2-6.el6_0.1.x86_64.rpm
php-xmlrpc-5.3.2-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.2-6.el6_0.1.src.rpm

i386:
php-bcmath-5.3.2-6.el6_0.1.i686.rpm
php-dba-5.3.2-6.el6_0.1.i686.rpm
php-debuginfo-5.3.2-6.el6_0.1.i686.rpm
php-devel-5.3.2-6.el6_0.1.i686.rpm
php-embedded-5.3.2-6.el6_0.1.i686.rpm
php-enchant-5.3.2-6.el6_0.1.i686.rpm
php-imap-5.3.2-6.el6_0.1.i686.rpm
php-intl-5.3.2-6.el6_0.1.i686.rpm
php-mbstring-5.3.2-6.el6_0.1.i686.rpm
php-process-5.3.2-6.el6_0.1.i686.rpm
php-pspell-5.3.2-6.el6_0.1.i686.rpm
php-recode-5.3.2-6.el6_0.1.i686.rpm
php-snmp-5.3.2-6.el6_0.1.i686.rpm
php-tidy-5.3.2-6.el6_0.1.i686.rpm
php-zts-5.3.2-6.el6_0.1.i686.rpm

ppc64:
php-bcmath-5.3.2-6.el6_0.1.ppc64.rpm
php-dba-5.3.2-6.el6_0.1.ppc64.rpm
php-debuginfo-5.3.2-6.el6_0.1.ppc64.rpm
php-devel-5.3.2-6.el6_0.1.ppc64.rpm
php-embedded-5.3.2-6.el6_0.1.ppc64.rpm
php-enchant-5.3.2-6.el6_0.1.ppc64.rpm
php-imap-5.3.2-6.el6_0.1.ppc64.rpm
php-intl-5.3.2-6.el6_0.1.ppc64.rpm
php-mbstring-5.3.2-6.el6_0.1.ppc64.rpm
php-process-5.3.2-6.el6_0.1.ppc64.rpm
php-pspell-5.3.2-6.el6_0.1.ppc64.rpm
php-recode-5.3.2-6.el6_0.1.ppc64.rpm
php-snmp-5.3.2-6.el6_0.1.ppc64.rpm
php-tidy-5.3.2-6.el6_0.1.ppc64.rpm
php-zts-5.3.2-6.el6_0.1.ppc64.rpm

s390x:
php-bcmath-5.3.2-6.el6_0.1.s390x.rpm
php-dba-5.3.2-6.el6_0.1.s390x.rpm
php-debuginfo-5.3.2-6.el6_0.1.s390x.rpm
php-devel-5.3.2-6.el6_0.1.s390x.rpm
php-embedded-5.3.2-6.el6_0.1.s390x.rpm
php-enchant-5.3.2-6.el6_0.1.s390x.rpm
php-imap-5.3.2-6.el6_0.1.s390x.rpm
php-intl-5.3.2-6.el6_0.1.s390x.rpm
php-mbstring-5.3.2-6.el6_0.1.s390x.rpm
php-process-5.3.2-6.el6_0.1.s390x.rpm
php-pspell-5.3.2-6.el6_0.1.s390x.rpm
php-recode-5.3.2-6.el6_0.1.s390x.rpm
php-snmp-5.3.2-6.el6_0.1.s390x.rpm
php-tidy-5.3.2-6.el6_0.1.s390x.rpm
php-zts-5.3.2-6.el6_0.1.s390x.rpm

x86_64:
php-bcmath-5.3.2-6.el6_0.1.x86_64.rpm
php-dba-5.3.2-6.el6_0.1.x86_64.rpm
php-debuginfo-5.3.2-6.el6_0.1.x86_64.rpm
php-devel-5.3.2-6.el6_0.1.x86_64.rpm
php-embedded-5.3.2-6.el6_0.1.x86_64.rpm
php-enchant-5.3.2-6.el6_0.1.x86_64.rpm
php-imap-5.3.2-6.el6_0.1.x86_64.rpm
php-intl-5.3.2-6.el6_0.1.x86_64.rpm
php-mbstring-5.3.2-6.el6_0.1.x86_64.rpm
php-process-5.3.2-6.el6_0.1.x86_64.rpm
php-pspell-5.3.2-6.el6_0.1.x86_64.rpm
php-recode-5.3.2-6.el6_0.1.x86_64.rpm
php-snmp-5.3.2-6.el6_0.1.x86_64.rpm
php-tidy-5.3.2-6.el6_0.1.x86_64.rpm
php-zts-5.3.2-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.2-6.el6_0.1.src.rpm

i386:
php-5.3.2-6.el6_0.1.i686.rpm
php-cli-5.3.2-6.el6_0.1.i686.rpm
php-common-5.3.2-6.el6_0.1.i686.rpm
php-debuginfo-5.3.2-6.el6_0.1.i686.rpm
php-gd-5.3.2-6.el6_0.1.i686.rpm
php-ldap-5.3.2-6.el6_0.1.i686.rpm
php-mysql-5.3.2-6.el6_0.1.i686.rpm
php-odbc-5.3.2-6.el6_0.1.i686.rpm
php-pdo-5.3.2-6.el6_0.1.i686.rpm
php-pgsql-5.3.2-6.el6_0.1.i686.rpm
php-soap-5.3.2-6.el6_0.1.i686.rpm
php-xml-5.3.2-6.el6_0.1.i686.rpm
php-xmlrpc-5.3.2-6.el6_0.1.i686.rpm

x86_64:
php-5.3.2-6.el6_0.1.x86_64.rpm
php-cli-5.3.2-6.el6_0.1.x86_64.rpm
php-common-5.3.2-6.el6_0.1.x86_64.rpm
php-debuginfo-5.3.2-6.el6_0.1.x86_64.rpm
php-gd-5.3.2-6.el6_0.1.x86_64.rpm
php-ldap-5.3.2-6.el6_0.1.x86_64.rpm
php-mysql-5.3.2-6.el6_0.1.x86_64.rpm
php-odbc-5.3.2-6.el6_0.1.x86_64.rpm
php-pdo-5.3.2-6.el6_0.1.x86_64.rpm
php-pgsql-5.3.2-6.el6_0.1.x86_64.rpm
php-soap-5.3.2-6.el6_0.1.x86_64.rpm
php-xml-5.3.2-6.el6_0.1.x86_64.rpm
php-xmlrpc-5.3.2-6.el6_0.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.2-6.el6_0.1.src.rpm

i386:
php-bcmath-5.3.2-6.el6_0.1.i686.rpm
php-dba-5.3.2-6.el6_0.1.i686.rpm
php-debuginfo-5.3.2-6.el6_0.1.i686.rpm
php-devel-5.3.2-6.el6_0.1.i686.rpm
php-embedded-5.3.2-6.el6_0.1.i686.rpm
php-enchant-5.3.2-6.el6_0.1.i686.rpm
php-imap-5.3.2-6.el6_0.1.i686.rpm
php-intl-5.3.2-6.el6_0.1.i686.rpm
php-mbstring-5.3.2-6.el6_0.1.i686.rpm
php-process-5.3.2-6.el6_0.1.i686.rpm
php-pspell-5.3.2-6.el6_0.1.i686.rpm
php-recode-5.3.2-6.el6_0.1.i686.rpm
php-snmp-5.3.2-6.el6_0.1.i686.rpm
php-tidy-5.3.2-6.el6_0.1.i686.rpm
php-zts-5.3.2-6.el6_0.1.i686.rpm

x86_64:
php-bcmath-5.3.2-6.el6_0.1.x86_64.rpm
php-dba-5.3.2-6.el6_0.1.x86_64.rpm
php-debuginfo-5.3.2-6.el6_0.1.x86_64.rpm
php-devel-5.3.2-6.el6_0.1.x86_64.rpm
php-embedded-5.3.2-6.el6_0.1.x86_64.rpm
php-enchant-5.3.2-6.el6_0.1.x86_64.rpm
php-imap-5.3.2-6.el6_0.1.x86_64.rpm
php-intl-5.3.2-6.el6_0.1.x86_64.rpm
php-mbstring-5.3.2-6.el6_0.1.x86_64.rpm
php-process-5.3.2-6.el6_0.1.x86_64.rpm
php-pspell-5.3.2-6.el6_0.1.x86_64.rpm
php-recode-5.3.2-6.el6_0.1.x86_64.rpm
php-snmp-5.3.2-6.el6_0.1.x86_64.rpm
php-tidy-5.3.2-6.el6_0.1.x86_64.rpm
php-zts-5.3.2-6.el6_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-5016.html
https://www.redhat.com/security/data/cve/CVE-2010-3709.html
https://www.redhat.com/security/data/cve/CVE-2010-3870.html
https://www.redhat.com/security/data/cve/CVE-2010-4645.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNSw29XlSAg2UNWIIRAmCCAJkB3Vf97HutC5Ycexu/RHyfvfHV4gCgmXMN
7juA/Ff8Xn39OYOVj0rRTEg=
=lYgc
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
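Added example, not part of the advisory above and not PHP or Red Hat code: the utf8_decode() flaws in RHSA-2011:0195 (CVE-2009-5016, CVE-2010-3870) concern overlong and partial multi-byte sequences, so this Python validator checks input strictly and reports both kinds before any escaping or filtering runs. The function names and sample byte strings are constructed for illustration.

```python
"""Strict UTF-8 validation: report overlong and truncated sequences.

Added illustration; not code from PHP or from the advisory.
"""

# Smallest code point that legitimately needs a sequence of each length.
MIN_FOR_LENGTH = {1: 0x00, 2: 0x80, 3: 0x800, 4: 0x10000}

# Constructed sample inputs.
SAMPLES = [
    "caf\u00e9".encode("utf-8"),  # well-formed two-byte sequence
    b"\xc0\xbc",                  # overlong two-byte form of U+003C
    b"\xe0\x80\xbc",              # overlong three-byte form of U+003C
    b"abc\xe2\x82",               # three-byte sequence cut off at end of input
    b'\xc3"x',                    # lead byte followed directly by ASCII
]


def sequence_length(lead):
    """Length announced by a lead byte, or 0 if it cannot start a sequence."""
    if lead < 0x80:
        return 1
    if 0xC0 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF7:
        return 4
    return 0  # continuation byte in lead position, or 0xF8..0xFF


def check_utf8(data):
    """Return a list of (offset, problem) for every malformed sequence."""
    problems = []
    i = 0
    while i < len(data):
        n = sequence_length(data[i])
        if n == 0:
            problems.append((i, "invalid lead byte"))
            i += 1
            continue
        if n == 1:
            i += 1
            continue
        tail = data[i + 1:i + n]
        good = 0  # number of valid continuation bytes actually present
        for byte in tail:
            if byte & 0xC0 != 0x80:
                break
            good += 1
        if good < n - 1:
            problems.append((i, "truncated sequence"))
            # Skip only what belongs to the partial sequence, so the byte
            # after it (a quote, '<', ...) is still examined on its own.
            i += 1 + good
            continue
        code_point = data[i] & (0xFF >> (n + 1))
        for byte in tail:
            code_point = (code_point << 6) | (byte & 0x3F)
        if code_point < MIN_FOR_LENGTH[n]:
            problems.append((i, "overlong encoding of U+%04X" % code_point))
        elif 0xD800 <= code_point <= 0xDFFF:
            problems.append((i, "surrogate code point"))
        elif code_point > 0x10FFFF:
            problems.append((i, "beyond U+10FFFF"))
        i += n
    return problems


def is_strict_utf8(data):
    """True only if data contains no malformed sequence at all."""
    return not check_utf8(data)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check_utf8(sample) or "ok")
```

Input that fails the check should be rejected as a whole; decoding it leniently and filtering the result afterwards recreates the situation the advisory describes.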
 
01-18-2012, 06:29 PM

Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2012:0033-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0033.html
Issue date: 2012-01-18
CVE Names: CVE-2011-0708 CVE-2011-1148 CVE-2011-1466
CVE-2011-1469 CVE-2011-2202 CVE-2011-4566
CVE-2011-4885
=====================================================================

1. Summary:

Updated php packages that fix several security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that the hashing routine used by PHP arrays was susceptible
to predictable hash collisions. If an HTTP POST request to a PHP
application contained many parameters whose names map to the same hash
value, a large amount of CPU time would be consumed. This flaw has been
mitigated by adding a new configuration directive, max_input_vars, that
limits the maximum number of parameters processed per request. By
default, max_input_vars is set to 1000. (CVE-2011-4885)

A use-after-free flaw was found in the PHP substr_replace() function. If a
PHP script used the same variable as multiple function arguments, a remote
attacker could possibly use this to crash the PHP interpreter or, possibly,
execute arbitrary code. (CVE-2011-1148)

An integer overflow flaw was found in the PHP exif extension. On 32-bit
systems, a specially-crafted image file could cause the PHP interpreter to
crash or disclose portions of its memory when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-4566)

An insufficient input validation flaw, leading to a buffer over-read, was
found in the PHP exif extension. A specially-crafted image file could cause
the PHP interpreter to crash when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-0708)

An integer overflow flaw was found in the PHP calendar extension. A remote
attacker able to make a PHP script call SdnToJulian() with a large value
could cause the PHP interpreter to crash. (CVE-2011-1466)

A bug in the PHP Streams component caused the PHP interpreter to crash if
an FTP wrapper connection was made through an HTTP proxy. A remote attacker
could possibly trigger this issue if a PHP script accepted an untrusted URL
to connect to. (CVE-2011-1469)

An off-by-one flaw was found in PHP. If an attacker uploaded a file with a
specially-crafted file name it could cause a PHP script to attempt to write
a file to the root (/) directory. By default, PHP runs as the "apache"
user, preventing it from writing to the root directory. (CVE-2011-2202)

Red Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4885.

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680972 - CVE-2011-0708 php: buffer over-read in Exif extension
688958 - CVE-2011-1148 php: use-after-free vulnerability in substr_replace()
689386 - CVE-2011-1466 php: Crash by converting serial day numbers (SDN) into Julian calendar
690905 - CVE-2011-1469 php: DoS when using HTTP proxy with the FTP wrapper
713194 - CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename
750547 - CVE-2011-4885 php: hash table collisions CPU usage DoS (oCERT-2011-003)
758413 - CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-27.el5_7.4.src.rpm

i386:
php-5.1.6-27.el5_7.4.i386.rpm
php-bcmath-5.1.6-27.el5_7.4.i386.rpm
php-cli-5.1.6-27.el5_7.4.i386.rpm
php-common-5.1.6-27.el5_7.4.i386.rpm
php-dba-5.1.6-27.el5_7.4.i386.rpm
php-debuginfo-5.1.6-27.el5_7.4.i386.rpm
php-devel-5.1.6-27.el5_7.4.i386.rpm
php-gd-5.1.6-27.el5_7.4.i386.rpm
php-imap-5.1.6-27.el5_7.4.i386.rpm
php-ldap-5.1.6-27.el5_7.4.i386.rpm
php-mbstring-5.1.6-27.el5_7.4.i386.rpm
php-mysql-5.1.6-27.el5_7.4.i386.rpm
php-ncurses-5.1.6-27.el5_7.4.i386.rpm
php-odbc-5.1.6-27.el5_7.4.i386.rpm
php-pdo-5.1.6-27.el5_7.4.i386.rpm
php-pgsql-5.1.6-27.el5_7.4.i386.rpm
php-snmp-5.1.6-27.el5_7.4.i386.rpm
php-soap-5.1.6-27.el5_7.4.i386.rpm
php-xml-5.1.6-27.el5_7.4.i386.rpm
php-xmlrpc-5.1.6-27.el5_7.4.i386.rpm

x86_64:
php-5.1.6-27.el5_7.4.x86_64.rpm
php-bcmath-5.1.6-27.el5_7.4.x86_64.rpm
php-cli-5.1.6-27.el5_7.4.x86_64.rpm
php-common-5.1.6-27.el5_7.4.x86_64.rpm
php-dba-5.1.6-27.el5_7.4.x86_64.rpm
php-debuginfo-5.1.6-27.el5_7.4.x86_64.rpm
php-devel-5.1.6-27.el5_7.4.x86_64.rpm
php-gd-5.1.6-27.el5_7.4.x86_64.rpm
php-imap-5.1.6-27.el5_7.4.x86_64.rpm
php-ldap-5.1.6-27.el5_7.4.x86_64.rpm
php-mbstring-5.1.6-27.el5_7.4.x86_64.rpm
php-mysql-5.1.6-27.el5_7.4.x86_64.rpm
php-ncurses-5.1.6-27.el5_7.4.x86_64.rpm
php-odbc-5.1.6-27.el5_7.4.x86_64.rpm
php-pdo-5.1.6-27.el5_7.4.x86_64.rpm
php-pgsql-5.1.6-27.el5_7.4.x86_64.rpm
php-snmp-5.1.6-27.el5_7.4.x86_64.rpm
php-soap-5.1.6-27.el5_7.4.x86_64.rpm
php-xml-5.1.6-27.el5_7.4.x86_64.rpm
php-xmlrpc-5.1.6-27.el5_7.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-27.el5_7.4.src.rpm

i386:
php-5.1.6-27.el5_7.4.i386.rpm
php-bcmath-5.1.6-27.el5_7.4.i386.rpm
php-cli-5.1.6-27.el5_7.4.i386.rpm
php-common-5.1.6-27.el5_7.4.i386.rpm
php-dba-5.1.6-27.el5_7.4.i386.rpm
php-debuginfo-5.1.6-27.el5_7.4.i386.rpm
php-devel-5.1.6-27.el5_7.4.i386.rpm
php-gd-5.1.6-27.el5_7.4.i386.rpm
php-imap-5.1.6-27.el5_7.4.i386.rpm
php-ldap-5.1.6-27.el5_7.4.i386.rpm
php-mbstring-5.1.6-27.el5_7.4.i386.rpm
php-mysql-5.1.6-27.el5_7.4.i386.rpm
php-ncurses-5.1.6-27.el5_7.4.i386.rpm
php-odbc-5.1.6-27.el5_7.4.i386.rpm
php-pdo-5.1.6-27.el5_7.4.i386.rpm
php-pgsql-5.1.6-27.el5_7.4.i386.rpm
php-snmp-5.1.6-27.el5_7.4.i386.rpm
php-soap-5.1.6-27.el5_7.4.i386.rpm
php-xml-5.1.6-27.el5_7.4.i386.rpm
php-xmlrpc-5.1.6-27.el5_7.4.i386.rpm

ia64:
php-5.1.6-27.el5_7.4.ia64.rpm
php-bcmath-5.1.6-27.el5_7.4.ia64.rpm
php-cli-5.1.6-27.el5_7.4.ia64.rpm
php-common-5.1.6-27.el5_7.4.ia64.rpm
php-dba-5.1.6-27.el5_7.4.ia64.rpm
php-debuginfo-5.1.6-27.el5_7.4.ia64.rpm
php-devel-5.1.6-27.el5_7.4.ia64.rpm
php-gd-5.1.6-27.el5_7.4.ia64.rpm
php-imap-5.1.6-27.el5_7.4.ia64.rpm
php-ldap-5.1.6-27.el5_7.4.ia64.rpm
php-mbstring-5.1.6-27.el5_7.4.ia64.rpm
php-mysql-5.1.6-27.el5_7.4.ia64.rpm
php-ncurses-5.1.6-27.el5_7.4.ia64.rpm
php-odbc-5.1.6-27.el5_7.4.ia64.rpm
php-pdo-5.1.6-27.el5_7.4.ia64.rpm
php-pgsql-5.1.6-27.el5_7.4.ia64.rpm
php-snmp-5.1.6-27.el5_7.4.ia64.rpm
php-soap-5.1.6-27.el5_7.4.ia64.rpm
php-xml-5.1.6-27.el5_7.4.ia64.rpm
php-xmlrpc-5.1.6-27.el5_7.4.ia64.rpm

ppc:
php-5.1.6-27.el5_7.4.ppc.rpm
php-bcmath-5.1.6-27.el5_7.4.ppc.rpm
php-cli-5.1.6-27.el5_7.4.ppc.rpm
php-common-5.1.6-27.el5_7.4.ppc.rpm
php-dba-5.1.6-27.el5_7.4.ppc.rpm
php-debuginfo-5.1.6-27.el5_7.4.ppc.rpm
php-devel-5.1.6-27.el5_7.4.ppc.rpm
php-gd-5.1.6-27.el5_7.4.ppc.rpm
php-imap-5.1.6-27.el5_7.4.ppc.rpm
php-ldap-5.1.6-27.el5_7.4.ppc.rpm
php-mbstring-5.1.6-27.el5_7.4.ppc.rpm
php-mysql-5.1.6-27.el5_7.4.ppc.rpm
php-ncurses-5.1.6-27.el5_7.4.ppc.rpm
php-odbc-5.1.6-27.el5_7.4.ppc.rpm
php-pdo-5.1.6-27.el5_7.4.ppc.rpm
php-pgsql-5.1.6-27.el5_7.4.ppc.rpm
php-snmp-5.1.6-27.el5_7.4.ppc.rpm
php-soap-5.1.6-27.el5_7.4.ppc.rpm
php-xml-5.1.6-27.el5_7.4.ppc.rpm
php-xmlrpc-5.1.6-27.el5_7.4.ppc.rpm

s390x:
php-5.1.6-27.el5_7.4.s390x.rpm
php-bcmath-5.1.6-27.el5_7.4.s390x.rpm
php-cli-5.1.6-27.el5_7.4.s390x.rpm
php-common-5.1.6-27.el5_7.4.s390x.rpm
php-dba-5.1.6-27.el5_7.4.s390x.rpm
php-debuginfo-5.1.6-27.el5_7.4.s390x.rpm
php-devel-5.1.6-27.el5_7.4.s390x.rpm
php-gd-5.1.6-27.el5_7.4.s390x.rpm
php-imap-5.1.6-27.el5_7.4.s390x.rpm
php-ldap-5.1.6-27.el5_7.4.s390x.rpm
php-mbstring-5.1.6-27.el5_7.4.s390x.rpm
php-mysql-5.1.6-27.el5_7.4.s390x.rpm
php-ncurses-5.1.6-27.el5_7.4.s390x.rpm
php-odbc-5.1.6-27.el5_7.4.s390x.rpm
php-pdo-5.1.6-27.el5_7.4.s390x.rpm
php-pgsql-5.1.6-27.el5_7.4.s390x.rpm
php-snmp-5.1.6-27.el5_7.4.s390x.rpm
php-soap-5.1.6-27.el5_7.4.s390x.rpm
php-xml-5.1.6-27.el5_7.4.s390x.rpm
php-xmlrpc-5.1.6-27.el5_7.4.s390x.rpm

x86_64:
php-5.1.6-27.el5_7.4.x86_64.rpm
php-bcmath-5.1.6-27.el5_7.4.x86_64.rpm
php-cli-5.1.6-27.el5_7.4.x86_64.rpm
php-common-5.1.6-27.el5_7.4.x86_64.rpm
php-dba-5.1.6-27.el5_7.4.x86_64.rpm
php-debuginfo-5.1.6-27.el5_7.4.x86_64.rpm
php-devel-5.1.6-27.el5_7.4.x86_64.rpm
php-gd-5.1.6-27.el5_7.4.x86_64.rpm
php-imap-5.1.6-27.el5_7.4.x86_64.rpm
php-ldap-5.1.6-27.el5_7.4.x86_64.rpm
php-mbstring-5.1.6-27.el5_7.4.x86_64.rpm
php-mysql-5.1.6-27.el5_7.4.x86_64.rpm
php-ncurses-5.1.6-27.el5_7.4.x86_64.rpm
php-odbc-5.1.6-27.el5_7.4.x86_64.rpm
php-pdo-5.1.6-27.el5_7.4.x86_64.rpm
php-pgsql-5.1.6-27.el5_7.4.x86_64.rpm
php-snmp-5.1.6-27.el5_7.4.x86_64.rpm
php-soap-5.1.6-27.el5_7.4.x86_64.rpm
php-xml-5.1.6-27.el5_7.4.x86_64.rpm
php-xmlrpc-5.1.6-27.el5_7.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0708.html
https://www.redhat.com/security/data/cve/CVE-2011-1148.html
https://www.redhat.com/security/data/cve/CVE-2011-1466.html
https://www.redhat.com/security/data/cve/CVE-2011-1469.html
https://www.redhat.com/security/data/cve/CVE-2011-2202.html
https://www.redhat.com/security/data/cve/CVE-2011-4566.html
https://www.redhat.com/security/data/cve/CVE-2011-4885.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPFx0/XlSAg2UNWIIRAsJfAJsEkZETav6tgqNNjO/aDoLEDdBuBACgwhzi
W+0ksbjC8sl3GqP0hbvqjfo=
=5yKn
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
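Added example, not part of the advisory above and not PHP code: a Python cost model of the CVE-2011-4885 mitigation, counting key comparisons in a chained hash table with and without a cap on the number of parameters processed. `toy_hash` is a deliberately weak stand-in rather than PHP's hashing routine, and the parameter names are constructed to collide under it.

```python
"""Cost model for hash-collision flooding and the max_input_vars cap.

Added illustration. toy_hash is a deliberately weak stand-in, NOT PHP's
hashing routine; the keys below are constructed to collide under it.
"""

BUCKETS = 1024
DEFAULT_MAX_INPUT_VARS = 1000  # default stated in the advisory


def toy_hash(key):
    """Weak hash: byte sum. Any keys with equal byte sums collide."""
    return sum(key) % BUCKETS


class ChainedTable:
    """Hash table with separate chaining that counts key comparisons."""

    def __init__(self):
        self.buckets = [[] for _ in range(BUCKETS)]
        self.comparisons = 0

    def insert(self, key, value):
        chain = self.buckets[toy_hash(key)]
        for entry in chain:
            self.comparisons += 1
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])


def parse_request(params, max_input_vars=None):
    """Insert request parameters, stopping at the cap if one is set.

    Returns (accepted, dropped, comparisons).
    """
    table = ChainedTable()
    accepted = 0
    for key, value in params:
        if max_input_vars is not None and accepted >= max_input_vars:
            break
        table.insert(key, value)
        accepted += 1
    return accepted, len(params) - accepted, table.comparisons


def colliding_params(n):
    """n distinct 4-byte names that all have byte sum 510 (constructed)."""
    if n > 256 * 256:
        raise ValueError("at most 65536 distinct names of this shape")
    return [(bytes([i // 256, 255 - i // 256, i % 256, 255 - i % 256]), b"v")
            for i in range(n)]


def spread_params(n):
    """n names whose byte sums are 0..n-1, one per bucket (constructed)."""
    if n > BUCKETS:
        raise ValueError("at most one name per bucket")
    return [(b"\xff" * (i // 255) + bytes([i % 255]), b"v") for i in range(n)]


def worst_case_comparisons(n):
    """Comparisons needed to insert n names that share a single chain."""
    return n * (n - 1) // 2


if __name__ == "__main__":
    flood = colliding_params(3000)
    print("spread, 1000 names :", parse_request(spread_params(1000)))
    print("flood, no cap      :", parse_request(flood))
    print("flood, cap of 1000 :",
          parse_request(flood, DEFAULT_MAX_INPUT_VARS))
```

The cap does not remove the collisions; it bounds the quadratic term, so the cost of one request is limited by the configured value rather than by the request size.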
 
01-30-2012, 05:40 PM

Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2012:0071-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0071.html
Issue date: 2012-01-30
CVE Names: CVE-2011-0708 CVE-2011-1466 CVE-2011-2202
CVE-2011-4566 CVE-2011-4885
=====================================================================

1. Summary:

Updated php packages that fix several security issues are now available for
Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that the hashing routine used by PHP arrays was susceptible
to predictable hash collisions. If an HTTP POST request to a PHP
application contained many parameters whose names map to the same hash
value, a large amount of CPU time would be consumed. This flaw has been
mitigated by adding a new configuration directive, max_input_vars, that
limits the maximum number of parameters processed per request. By
default, max_input_vars is set to 1000. (CVE-2011-4885)

An integer overflow flaw was found in the PHP exif extension. On 32-bit
systems, a specially-crafted image file could cause the PHP interpreter to
crash or disclose portions of its memory when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-4566)

An insufficient input validation flaw, leading to a buffer over-read, was
found in the PHP exif extension. A specially-crafted image file could cause
the PHP interpreter to crash when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-0708)

An integer overflow flaw was found in the PHP calendar extension. A remote
attacker able to make a PHP script call SdnToJulian() with a large value
could cause the PHP interpreter to crash. (CVE-2011-1466)

An off-by-one flaw was found in PHP. If an attacker uploaded a file with a
specially-crafted file name it could cause a PHP script to attempt to write
a file to the root (/) directory. By default, PHP runs as the "apache"
user, preventing it from writing to the root directory. (CVE-2011-2202)

Red Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4885.

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

680972 - CVE-2011-0708 php: buffer over-read in Exif extension
689386 - CVE-2011-1466 php: Crash by converting serial day numbers (SDN) into Julian calendar
713194 - CVE-2011-2202 php: file path injection vulnerability in RFC1867 file upload filename
750547 - CVE-2011-4885 php: hash table collisions CPU usage DoS (oCERT-2011-003)
758413 - CVE-2011-4566 php: integer overflow in exif_process_IFD_TAG() may lead to DoS or arbitrary memory disclosure

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.35.src.rpm

i386:
php-4.3.9-3.35.i386.rpm
php-debuginfo-4.3.9-3.35.i386.rpm
php-devel-4.3.9-3.35.i386.rpm
php-domxml-4.3.9-3.35.i386.rpm
php-gd-4.3.9-3.35.i386.rpm
php-imap-4.3.9-3.35.i386.rpm
php-ldap-4.3.9-3.35.i386.rpm
php-mbstring-4.3.9-3.35.i386.rpm
php-mysql-4.3.9-3.35.i386.rpm
php-ncurses-4.3.9-3.35.i386.rpm
php-odbc-4.3.9-3.35.i386.rpm
php-pear-4.3.9-3.35.i386.rpm
php-pgsql-4.3.9-3.35.i386.rpm
php-snmp-4.3.9-3.35.i386.rpm
php-xmlrpc-4.3.9-3.35.i386.rpm

ia64:
php-4.3.9-3.35.ia64.rpm
php-debuginfo-4.3.9-3.35.ia64.rpm
php-devel-4.3.9-3.35.ia64.rpm
php-domxml-4.3.9-3.35.ia64.rpm
php-gd-4.3.9-3.35.ia64.rpm
php-imap-4.3.9-3.35.ia64.rpm
php-ldap-4.3.9-3.35.ia64.rpm
php-mbstring-4.3.9-3.35.ia64.rpm
php-mysql-4.3.9-3.35.ia64.rpm
php-ncurses-4.3.9-3.35.ia64.rpm
php-odbc-4.3.9-3.35.ia64.rpm
php-pear-4.3.9-3.35.ia64.rpm
php-pgsql-4.3.9-3.35.ia64.rpm
php-snmp-4.3.9-3.35.ia64.rpm
php-xmlrpc-4.3.9-3.35.ia64.rpm

ppc:
php-4.3.9-3.35.ppc.rpm
php-debuginfo-4.3.9-3.35.ppc.rpm
php-devel-4.3.9-3.35.ppc.rpm
php-domxml-4.3.9-3.35.ppc.rpm
php-gd-4.3.9-3.35.ppc.rpm
php-imap-4.3.9-3.35.ppc.rpm
php-ldap-4.3.9-3.35.ppc.rpm
php-mbstring-4.3.9-3.35.ppc.rpm
php-mysql-4.3.9-3.35.ppc.rpm
php-ncurses-4.3.9-3.35.ppc.rpm
php-odbc-4.3.9-3.35.ppc.rpm
php-pear-4.3.9-3.35.ppc.rpm
php-pgsql-4.3.9-3.35.ppc.rpm
php-snmp-4.3.9-3.35.ppc.rpm
php-xmlrpc-4.3.9-3.35.ppc.rpm

s390:
php-4.3.9-3.35.s390.rpm
php-debuginfo-4.3.9-3.35.s390.rpm
php-devel-4.3.9-3.35.s390.rpm
php-domxml-4.3.9-3.35.s390.rpm
php-gd-4.3.9-3.35.s390.rpm
php-imap-4.3.9-3.35.s390.rpm
php-ldap-4.3.9-3.35.s390.rpm
php-mbstring-4.3.9-3.35.s390.rpm
php-mysql-4.3.9-3.35.s390.rpm
php-ncurses-4.3.9-3.35.s390.rpm
php-odbc-4.3.9-3.35.s390.rpm
php-pear-4.3.9-3.35.s390.rpm
php-pgsql-4.3.9-3.35.s390.rpm
php-snmp-4.3.9-3.35.s390.rpm
php-xmlrpc-4.3.9-3.35.s390.rpm

s390x:
php-4.3.9-3.35.s390x.rpm
php-debuginfo-4.3.9-3.35.s390x.rpm
php-devel-4.3.9-3.35.s390x.rpm
php-domxml-4.3.9-3.35.s390x.rpm
php-gd-4.3.9-3.35.s390x.rpm
php-imap-4.3.9-3.35.s390x.rpm
php-ldap-4.3.9-3.35.s390x.rpm
php-mbstring-4.3.9-3.35.s390x.rpm
php-mysql-4.3.9-3.35.s390x.rpm
php-ncurses-4.3.9-3.35.s390x.rpm
php-odbc-4.3.9-3.35.s390x.rpm
php-pear-4.3.9-3.35.s390x.rpm
php-pgsql-4.3.9-3.35.s390x.rpm
php-snmp-4.3.9-3.35.s390x.rpm
php-xmlrpc-4.3.9-3.35.s390x.rpm

x86_64:
php-4.3.9-3.35.x86_64.rpm
php-debuginfo-4.3.9-3.35.x86_64.rpm
php-devel-4.3.9-3.35.x86_64.rpm
php-domxml-4.3.9-3.35.x86_64.rpm
php-gd-4.3.9-3.35.x86_64.rpm
php-imap-4.3.9-3.35.x86_64.rpm
php-ldap-4.3.9-3.35.x86_64.rpm
php-mbstring-4.3.9-3.35.x86_64.rpm
php-mysql-4.3.9-3.35.x86_64.rpm
php-ncurses-4.3.9-3.35.x86_64.rpm
php-odbc-4.3.9-3.35.x86_64.rpm
php-pear-4.3.9-3.35.x86_64.rpm
php-pgsql-4.3.9-3.35.x86_64.rpm
php-snmp-4.3.9-3.35.x86_64.rpm
php-xmlrpc-4.3.9-3.35.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.35.src.rpm

i386:
php-4.3.9-3.35.i386.rpm
php-debuginfo-4.3.9-3.35.i386.rpm
php-devel-4.3.9-3.35.i386.rpm
php-domxml-4.3.9-3.35.i386.rpm
php-gd-4.3.9-3.35.i386.rpm
php-imap-4.3.9-3.35.i386.rpm
php-ldap-4.3.9-3.35.i386.rpm
php-mbstring-4.3.9-3.35.i386.rpm
php-mysql-4.3.9-3.35.i386.rpm
php-ncurses-4.3.9-3.35.i386.rpm
php-odbc-4.3.9-3.35.i386.rpm
php-pear-4.3.9-3.35.i386.rpm
php-pgsql-4.3.9-3.35.i386.rpm
php-snmp-4.3.9-3.35.i386.rpm
php-xmlrpc-4.3.9-3.35.i386.rpm

x86_64:
php-4.3.9-3.35.x86_64.rpm
php-debuginfo-4.3.9-3.35.x86_64.rpm
php-devel-4.3.9-3.35.x86_64.rpm
php-domxml-4.3.9-3.35.x86_64.rpm
php-gd-4.3.9-3.35.x86_64.rpm
php-imap-4.3.9-3.35.x86_64.rpm
php-ldap-4.3.9-3.35.x86_64.rpm
php-mbstring-4.3.9-3.35.x86_64.rpm
php-mysql-4.3.9-3.35.x86_64.rpm
php-ncurses-4.3.9-3.35.x86_64.rpm
php-odbc-4.3.9-3.35.x86_64.rpm
php-pear-4.3.9-3.35.x86_64.rpm
php-pgsql-4.3.9-3.35.x86_64.rpm
php-snmp-4.3.9-3.35.x86_64.rpm
php-xmlrpc-4.3.9-3.35.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.35.src.rpm

i386:
php-4.3.9-3.35.i386.rpm
php-debuginfo-4.3.9-3.35.i386.rpm
php-devel-4.3.9-3.35.i386.rpm
php-domxml-4.3.9-3.35.i386.rpm
php-gd-4.3.9-3.35.i386.rpm
php-imap-4.3.9-3.35.i386.rpm
php-ldap-4.3.9-3.35.i386.rpm
php-mbstring-4.3.9-3.35.i386.rpm
php-mysql-4.3.9-3.35.i386.rpm
php-ncurses-4.3.9-3.35.i386.rpm
php-odbc-4.3.9-3.35.i386.rpm
php-pear-4.3.9-3.35.i386.rpm
php-pgsql-4.3.9-3.35.i386.rpm
php-snmp-4.3.9-3.35.i386.rpm
php-xmlrpc-4.3.9-3.35.i386.rpm

ia64:
php-4.3.9-3.35.ia64.rpm
php-debuginfo-4.3.9-3.35.ia64.rpm
php-devel-4.3.9-3.35.ia64.rpm
php-domxml-4.3.9-3.35.ia64.rpm
php-gd-4.3.9-3.35.ia64.rpm
php-imap-4.3.9-3.35.ia64.rpm
php-ldap-4.3.9-3.35.ia64.rpm
php-mbstring-4.3.9-3.35.ia64.rpm
php-mysql-4.3.9-3.35.ia64.rpm
php-ncurses-4.3.9-3.35.ia64.rpm
php-odbc-4.3.9-3.35.ia64.rpm
php-pear-4.3.9-3.35.ia64.rpm
php-pgsql-4.3.9-3.35.ia64.rpm
php-snmp-4.3.9-3.35.ia64.rpm
php-xmlrpc-4.3.9-3.35.ia64.rpm

x86_64:
php-4.3.9-3.35.x86_64.rpm
php-debuginfo-4.3.9-3.35.x86_64.rpm
php-devel-4.3.9-3.35.x86_64.rpm
php-domxml-4.3.9-3.35.x86_64.rpm
php-gd-4.3.9-3.35.x86_64.rpm
php-imap-4.3.9-3.35.x86_64.rpm
php-ldap-4.3.9-3.35.x86_64.rpm
php-mbstring-4.3.9-3.35.x86_64.rpm
php-mysql-4.3.9-3.35.x86_64.rpm
php-ncurses-4.3.9-3.35.x86_64.rpm
php-odbc-4.3.9-3.35.x86_64.rpm
php-pear-4.3.9-3.35.x86_64.rpm
php-pgsql-4.3.9-3.35.x86_64.rpm
php-snmp-4.3.9-3.35.x86_64.rpm
php-xmlrpc-4.3.9-3.35.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.35.src.rpm

i386:
php-4.3.9-3.35.i386.rpm
php-debuginfo-4.3.9-3.35.i386.rpm
php-devel-4.3.9-3.35.i386.rpm
php-domxml-4.3.9-3.35.i386.rpm
php-gd-4.3.9-3.35.i386.rpm
php-imap-4.3.9-3.35.i386.rpm
php-ldap-4.3.9-3.35.i386.rpm
php-mbstring-4.3.9-3.35.i386.rpm
php-mysql-4.3.9-3.35.i386.rpm
php-ncurses-4.3.9-3.35.i386.rpm
php-odbc-4.3.9-3.35.i386.rpm
php-pear-4.3.9-3.35.i386.rpm
php-pgsql-4.3.9-3.35.i386.rpm
php-snmp-4.3.9-3.35.i386.rpm
php-xmlrpc-4.3.9-3.35.i386.rpm

ia64:
php-4.3.9-3.35.ia64.rpm
php-debuginfo-4.3.9-3.35.ia64.rpm
php-devel-4.3.9-3.35.ia64.rpm
php-domxml-4.3.9-3.35.ia64.rpm
php-gd-4.3.9-3.35.ia64.rpm
php-imap-4.3.9-3.35.ia64.rpm
php-ldap-4.3.9-3.35.ia64.rpm
php-mbstring-4.3.9-3.35.ia64.rpm
php-mysql-4.3.9-3.35.ia64.rpm
php-ncurses-4.3.9-3.35.ia64.rpm
php-odbc-4.3.9-3.35.ia64.rpm
php-pear-4.3.9-3.35.ia64.rpm
php-pgsql-4.3.9-3.35.ia64.rpm
php-snmp-4.3.9-3.35.ia64.rpm
php-xmlrpc-4.3.9-3.35.ia64.rpm

x86_64:
php-4.3.9-3.35.x86_64.rpm
php-debuginfo-4.3.9-3.35.x86_64.rpm
php-devel-4.3.9-3.35.x86_64.rpm
php-domxml-4.3.9-3.35.x86_64.rpm
php-gd-4.3.9-3.35.x86_64.rpm
php-imap-4.3.9-3.35.x86_64.rpm
php-ldap-4.3.9-3.35.x86_64.rpm
php-mbstring-4.3.9-3.35.x86_64.rpm
php-mysql-4.3.9-3.35.x86_64.rpm
php-ncurses-4.3.9-3.35.x86_64.rpm
php-odbc-4.3.9-3.35.x86_64.rpm
php-pear-4.3.9-3.35.x86_64.rpm
php-pgsql-4.3.9-3.35.x86_64.rpm
php-snmp-4.3.9-3.35.x86_64.rpm
php-xmlrpc-4.3.9-3.35.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0708.html
https://www.redhat.com/security/data/cve/CVE-2011-1466.html
https://www.redhat.com/security/data/cve/CVE-2011-2202.html
https://www.redhat.com/security/data/cve/CVE-2011-4566.html
https://www.redhat.com/security/data/cve/CVE-2011-4885.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPJuP0XlSAg2UNWIIRAnNOAKClNo8zOfCzHt6mFA6kIC m9eYZPnwCfdopP
CB73QjymTYOW3rKlctdBUlk=
=6MVP
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
06-27-2012, 03:52 PM

Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2012:1045-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1045.html
Issue date: 2012-06-27
CVE Names: CVE-2011-4153 CVE-2012-0057 CVE-2012-0789
CVE-2012-1172 CVE-2012-2336
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file
writing capability of libxslt. A remote attacker could use this flaw to
create or overwrite an arbitrary file that is writable by the user running
PHP, if a PHP script processed untrusted eXtensible Style Sheet Language
Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration
directive, "xsl.security_prefs", can be used to enable file writing in
XSLT.

A flaw was found in the way PHP validated file names in file upload
requests. A remote attacker could possibly use this flaw to bypass the
sanitization of the uploaded file names, and cause a PHP script to store
the uploaded file in an unexpected directory, by using a directory
traversal attack. (CVE-2012-1172)

It was discovered that the fix for CVE-2012-1823, released via
RHSA-2012:0546, did not properly filter all php-cgi command line arguments.
A specially-crafted request to a PHP script could cause the PHP interpreter
to output usage information that triggers an Internal Server Error.
(CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote
attacker could possibly use this flaw to cause excessive memory consumption
by triggering many strtotime() function calls. (CVE-2012-0789)

It was found that PHP did not check the zend_strndup() function's return
value in certain cases. A remote attacker could possibly use this flaw to
crash a PHP application. (CVE-2011-4153)

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

782657 - CVE-2012-0057 php: XSLT file writing vulnerability
782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS
783609 - CVE-2012-0789 php: strtotime timezone memory leak
799187 - CVE-2012-1172 php: $_FILES array indexes corruption
820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-39.el5_8.src.rpm

i386:
php-5.1.6-39.el5_8.i386.rpm
php-bcmath-5.1.6-39.el5_8.i386.rpm
php-cli-5.1.6-39.el5_8.i386.rpm
php-common-5.1.6-39.el5_8.i386.rpm
php-dba-5.1.6-39.el5_8.i386.rpm
php-debuginfo-5.1.6-39.el5_8.i386.rpm
php-devel-5.1.6-39.el5_8.i386.rpm
php-gd-5.1.6-39.el5_8.i386.rpm
php-imap-5.1.6-39.el5_8.i386.rpm
php-ldap-5.1.6-39.el5_8.i386.rpm
php-mbstring-5.1.6-39.el5_8.i386.rpm
php-mysql-5.1.6-39.el5_8.i386.rpm
php-ncurses-5.1.6-39.el5_8.i386.rpm
php-odbc-5.1.6-39.el5_8.i386.rpm
php-pdo-5.1.6-39.el5_8.i386.rpm
php-pgsql-5.1.6-39.el5_8.i386.rpm
php-snmp-5.1.6-39.el5_8.i386.rpm
php-soap-5.1.6-39.el5_8.i386.rpm
php-xml-5.1.6-39.el5_8.i386.rpm
php-xmlrpc-5.1.6-39.el5_8.i386.rpm

x86_64:
php-5.1.6-39.el5_8.x86_64.rpm
php-bcmath-5.1.6-39.el5_8.x86_64.rpm
php-cli-5.1.6-39.el5_8.x86_64.rpm
php-common-5.1.6-39.el5_8.x86_64.rpm
php-dba-5.1.6-39.el5_8.x86_64.rpm
php-debuginfo-5.1.6-39.el5_8.x86_64.rpm
php-devel-5.1.6-39.el5_8.x86_64.rpm
php-gd-5.1.6-39.el5_8.x86_64.rpm
php-imap-5.1.6-39.el5_8.x86_64.rpm
php-ldap-5.1.6-39.el5_8.x86_64.rpm
php-mbstring-5.1.6-39.el5_8.x86_64.rpm
php-mysql-5.1.6-39.el5_8.x86_64.rpm
php-ncurses-5.1.6-39.el5_8.x86_64.rpm
php-odbc-5.1.6-39.el5_8.x86_64.rpm
php-pdo-5.1.6-39.el5_8.x86_64.rpm
php-pgsql-5.1.6-39.el5_8.x86_64.rpm
php-snmp-5.1.6-39.el5_8.x86_64.rpm
php-soap-5.1.6-39.el5_8.x86_64.rpm
php-xml-5.1.6-39.el5_8.x86_64.rpm
php-xmlrpc-5.1.6-39.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-39.el5_8.src.rpm

i386:
php-5.1.6-39.el5_8.i386.rpm
php-bcmath-5.1.6-39.el5_8.i386.rpm
php-cli-5.1.6-39.el5_8.i386.rpm
php-common-5.1.6-39.el5_8.i386.rpm
php-dba-5.1.6-39.el5_8.i386.rpm
php-debuginfo-5.1.6-39.el5_8.i386.rpm
php-devel-5.1.6-39.el5_8.i386.rpm
php-gd-5.1.6-39.el5_8.i386.rpm
php-imap-5.1.6-39.el5_8.i386.rpm
php-ldap-5.1.6-39.el5_8.i386.rpm
php-mbstring-5.1.6-39.el5_8.i386.rpm
php-mysql-5.1.6-39.el5_8.i386.rpm
php-ncurses-5.1.6-39.el5_8.i386.rpm
php-odbc-5.1.6-39.el5_8.i386.rpm
php-pdo-5.1.6-39.el5_8.i386.rpm
php-pgsql-5.1.6-39.el5_8.i386.rpm
php-snmp-5.1.6-39.el5_8.i386.rpm
php-soap-5.1.6-39.el5_8.i386.rpm
php-xml-5.1.6-39.el5_8.i386.rpm
php-xmlrpc-5.1.6-39.el5_8.i386.rpm

ia64:
php-5.1.6-39.el5_8.ia64.rpm
php-bcmath-5.1.6-39.el5_8.ia64.rpm
php-cli-5.1.6-39.el5_8.ia64.rpm
php-common-5.1.6-39.el5_8.ia64.rpm
php-dba-5.1.6-39.el5_8.ia64.rpm
php-debuginfo-5.1.6-39.el5_8.ia64.rpm
php-devel-5.1.6-39.el5_8.ia64.rpm
php-gd-5.1.6-39.el5_8.ia64.rpm
php-imap-5.1.6-39.el5_8.ia64.rpm
php-ldap-5.1.6-39.el5_8.ia64.rpm
php-mbstring-5.1.6-39.el5_8.ia64.rpm
php-mysql-5.1.6-39.el5_8.ia64.rpm
php-ncurses-5.1.6-39.el5_8.ia64.rpm
php-odbc-5.1.6-39.el5_8.ia64.rpm
php-pdo-5.1.6-39.el5_8.ia64.rpm
php-pgsql-5.1.6-39.el5_8.ia64.rpm
php-snmp-5.1.6-39.el5_8.ia64.rpm
php-soap-5.1.6-39.el5_8.ia64.rpm
php-xml-5.1.6-39.el5_8.ia64.rpm
php-xmlrpc-5.1.6-39.el5_8.ia64.rpm

ppc:
php-5.1.6-39.el5_8.ppc.rpm
php-bcmath-5.1.6-39.el5_8.ppc.rpm
php-cli-5.1.6-39.el5_8.ppc.rpm
php-common-5.1.6-39.el5_8.ppc.rpm
php-dba-5.1.6-39.el5_8.ppc.rpm
php-debuginfo-5.1.6-39.el5_8.ppc.rpm
php-devel-5.1.6-39.el5_8.ppc.rpm
php-gd-5.1.6-39.el5_8.ppc.rpm
php-imap-5.1.6-39.el5_8.ppc.rpm
php-ldap-5.1.6-39.el5_8.ppc.rpm
php-mbstring-5.1.6-39.el5_8.ppc.rpm
php-mysql-5.1.6-39.el5_8.ppc.rpm
php-ncurses-5.1.6-39.el5_8.ppc.rpm
php-odbc-5.1.6-39.el5_8.ppc.rpm
php-pdo-5.1.6-39.el5_8.ppc.rpm
php-pgsql-5.1.6-39.el5_8.ppc.rpm
php-snmp-5.1.6-39.el5_8.ppc.rpm
php-soap-5.1.6-39.el5_8.ppc.rpm
php-xml-5.1.6-39.el5_8.ppc.rpm
php-xmlrpc-5.1.6-39.el5_8.ppc.rpm

s390x:
php-5.1.6-39.el5_8.s390x.rpm
php-bcmath-5.1.6-39.el5_8.s390x.rpm
php-cli-5.1.6-39.el5_8.s390x.rpm
php-common-5.1.6-39.el5_8.s390x.rpm
php-dba-5.1.6-39.el5_8.s390x.rpm
php-debuginfo-5.1.6-39.el5_8.s390x.rpm
php-devel-5.1.6-39.el5_8.s390x.rpm
php-gd-5.1.6-39.el5_8.s390x.rpm
php-imap-5.1.6-39.el5_8.s390x.rpm
php-ldap-5.1.6-39.el5_8.s390x.rpm
php-mbstring-5.1.6-39.el5_8.s390x.rpm
php-mysql-5.1.6-39.el5_8.s390x.rpm
php-ncurses-5.1.6-39.el5_8.s390x.rpm
php-odbc-5.1.6-39.el5_8.s390x.rpm
php-pdo-5.1.6-39.el5_8.s390x.rpm
php-pgsql-5.1.6-39.el5_8.s390x.rpm
php-snmp-5.1.6-39.el5_8.s390x.rpm
php-soap-5.1.6-39.el5_8.s390x.rpm
php-xml-5.1.6-39.el5_8.s390x.rpm
php-xmlrpc-5.1.6-39.el5_8.s390x.rpm

x86_64:
php-5.1.6-39.el5_8.x86_64.rpm
php-bcmath-5.1.6-39.el5_8.x86_64.rpm
php-cli-5.1.6-39.el5_8.x86_64.rpm
php-common-5.1.6-39.el5_8.x86_64.rpm
php-dba-5.1.6-39.el5_8.x86_64.rpm
php-debuginfo-5.1.6-39.el5_8.x86_64.rpm
php-devel-5.1.6-39.el5_8.x86_64.rpm
php-gd-5.1.6-39.el5_8.x86_64.rpm
php-imap-5.1.6-39.el5_8.x86_64.rpm
php-ldap-5.1.6-39.el5_8.x86_64.rpm
php-mbstring-5.1.6-39.el5_8.x86_64.rpm
php-mysql-5.1.6-39.el5_8.x86_64.rpm
php-ncurses-5.1.6-39.el5_8.x86_64.rpm
php-odbc-5.1.6-39.el5_8.x86_64.rpm
php-pdo-5.1.6-39.el5_8.x86_64.rpm
php-pgsql-5.1.6-39.el5_8.x86_64.rpm
php-snmp-5.1.6-39.el5_8.x86_64.rpm
php-soap-5.1.6-39.el5_8.x86_64.rpm
php-xml-5.1.6-39.el5_8.x86_64.rpm
php-xmlrpc-5.1.6-39.el5_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4153.html
https://www.redhat.com/security/data/cve/CVE-2012-0057.html
https://www.redhat.com/security/data/cve/CVE-2012-0789.html
https://www.redhat.com/security/data/cve/CVE-2012-1172.html
https://www.redhat.com/security/data/cve/CVE-2012-2336.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2012-0546.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6ywiXlSAg2UNWIIRAlQdAKCSzJwQnIfnFO01xKNrbm qTB9P2twCeNtBm
lAytZSQRsuydTO173PNQ5aY=
=ShQh
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
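
Checking hosts against the fixed builds named in the advisories on this page, as an added example that is not part of the Red Hat advisories: it orders release strings the way rpm does rather than as plain text. The inventory, host names and function names are constructed for illustration, and package epochs and rpm's `~`/`^` ordering operators are assumed absent.

```python
import re

# Fixed builds quoted from the advisories on this page, keyed by the upstream PHP
# version of each RHEL release (fixes are backported, so that version stays put).
FIXED_BUILDS = {
    "4.3.9": ("3.35", "RHSA-2012:0071"),      # Red Hat Enterprise Linux 4
    "5.1.6": ("39.el5_8", "RHSA-2012:1045"),  # Red Hat Enterprise Linux 5
    "5.3.3": ("14.el6_3", "RHSA-2012:1046"),  # Red Hat Enterprise Linux 6
}

# Constructed inventory, one "<host> <package>" pair per line, in the form printed by
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
# Host names and the mix of builds are made up for the example.
SAMPLE_INVENTORY = """\
web01 php-5.1.6-27.el5_7.4.x86_64
web01 php-xml-5.1.6-27.el5_7.4.x86_64
web02 php-5.1.6-39.el5_8.x86_64
web03 php-cli-5.3.3-3.el6_2.6.x86_64
web04 php-4.3.9-3.35.i386
web05 php-5.1.6-40.el5_9.x86_64
web06 php-5.4.16-1.el7.x86_64
"""

# rpm splits a version or release into runs of digits and runs of letters;
# every other character is only a separator.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 as `a` is older than, equal to or newer than `b`."""
    if a == b:
        return 0
    segs_a, segs_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(segs_a, segs_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x_num else -1
        if x_num:
            # Compare as numbers: drop leading zeros, then the longer run wins.
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    if len(segs_a) == len(segs_b):
        return 0
    return 1 if len(segs_a) > len(segs_b) else -1


def split_nvra(package):
    """Split 'name-version-release.arch' into its four parts."""
    nvr, arch = package.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def audit(inventory):
    """List (host, package, build_needed, advisory) for every package that is
    older than the fixed build, or whose version stream this page does not cover
    (build_needed and advisory are None in that case)."""
    findings = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, package = line.split()
        name, version, release, _arch = split_nvra(package)
        if version not in FIXED_BUILDS:
            findings.append((host, package, None, None))
            continue
        fixed_release, advisory = FIXED_BUILDS[version]
        if rpmvercmp(release, fixed_release) < 0:
            needed = f"{name}-{version}-{fixed_release}"
            findings.append((host, package, needed, advisory))
    return findings


if __name__ == "__main__":
    for host, package, needed, advisory in audit(SAMPLE_INVENTORY):
        if needed is None:
            print(f"{host}: {package}: no fixed build listed on this page")
        else:
            print(f"{host}: {package} is older than {needed} ({advisory})")
```

A plain string comparison would rank a release of `9.el5` above `10.el5`; the segment-wise comparison avoids that.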
 
06-27-2012, 03:53 PM

Moderate: php security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2012:1046-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1046.html
Issue date: 2012-06-27
CVE Names: CVE-2010-2950 CVE-2011-4153 CVE-2012-0057
CVE-2012-0781 CVE-2012-0789 CVE-2012-1172
CVE-2012-2143 CVE-2012-2336 CVE-2012-2386
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file
writing capability of libxslt. A remote attacker could use this flaw to
create or overwrite an arbitrary file that is writable by the user running
PHP, if a PHP script processed untrusted eXtensible Style Sheet Language
Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration
directive, "xsl.security_prefs", can be used to enable file writing in
XSLT.

A flaw was found in the way PHP validated file names in file upload
requests. A remote attacker could possibly use this flaw to bypass the
sanitization of the uploaded file names, and cause a PHP script to store
the uploaded file in an unexpected directory, by using a directory
traversal attack. (CVE-2012-1172)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the PHP phar extension processed certain fields of
tar archive files. A remote attacker could provide a specially-crafted tar
archive file that, when processed by a PHP application using the phar
extension, could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)

A format string flaw was found in the way the PHP phar extension processed
certain PHAR files. A remote attacker could provide a specially-crafted
PHAR file, which once processed in a PHP application using the phar
extension, could lead to information disclosure and possibly arbitrary code
execution via a crafted phar:// URI. (CVE-2010-2950)

A flaw was found in the DES algorithm implementation in the crypt()
password hashing function in PHP. If the password string to be hashed
contained certain characters, the remainder of the string was ignored when
calculating the hash, significantly reducing the password strength.
(CVE-2012-2143)

Note: With this update, passwords are no longer truncated when performing
DES hashing. Therefore, new hashes of the affected passwords will not match
stored hashes generated using vulnerable PHP versions, and will need to be
updated.

It was discovered that the fix for CVE-2012-1823, released via
RHSA-2012:0546, did not properly filter all php-cgi command line arguments.
A specially-crafted request to a PHP script could cause the PHP interpreter
to execute the script in a loop, or output usage information that triggers
an Internal Server Error. (CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote
attacker could possibly use this flaw to cause excessive memory consumption
by triggering many strtotime() function calls. (CVE-2012-0789)

A NULL pointer dereference flaw was found in the PHP tidy_diagnose()
function. A remote attacker could use specially-crafted input to crash an
application that uses tidy::diagnose. (CVE-2012-0781)

It was found that PHP did not check the zend_strndup() function's return
value in certain cases. A remote attacker could possibly use this flaw to
crash a PHP application. (CVE-2011-4153)

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters
of CVE-2012-2143.

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

782657 - CVE-2012-0057 php: XSLT file writing vulnerability
782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS
782951 - CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
783609 - CVE-2012-0789 php: strtotime timezone memory leak
799187 - CVE-2012-1172 php: $_FILES array indexes corruption
816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness
820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h
823594 - CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension
835024 - CVE-2010-2950 php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024)

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386:
php-5.3.3-14.el6_3.i686.rpm
php-bcmath-5.3.3-14.el6_3.i686.rpm
php-cli-5.3.3-14.el6_3.i686.rpm
php-common-5.3.3-14.el6_3.i686.rpm
php-dba-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-devel-5.3.3-14.el6_3.i686.rpm
php-embedded-5.3.3-14.el6_3.i686.rpm
php-enchant-5.3.3-14.el6_3.i686.rpm
php-gd-5.3.3-14.el6_3.i686.rpm
php-imap-5.3.3-14.el6_3.i686.rpm
php-intl-5.3.3-14.el6_3.i686.rpm
php-ldap-5.3.3-14.el6_3.i686.rpm
php-mbstring-5.3.3-14.el6_3.i686.rpm
php-mysql-5.3.3-14.el6_3.i686.rpm
php-odbc-5.3.3-14.el6_3.i686.rpm
php-pdo-5.3.3-14.el6_3.i686.rpm
php-pgsql-5.3.3-14.el6_3.i686.rpm
php-process-5.3.3-14.el6_3.i686.rpm
php-pspell-5.3.3-14.el6_3.i686.rpm
php-recode-5.3.3-14.el6_3.i686.rpm
php-snmp-5.3.3-14.el6_3.i686.rpm
php-soap-5.3.3-14.el6_3.i686.rpm
php-tidy-5.3.3-14.el6_3.i686.rpm
php-xml-5.3.3-14.el6_3.i686.rpm
php-xmlrpc-5.3.3-14.el6_3.i686.rpm
php-zts-5.3.3-14.el6_3.i686.rpm

x86_64:
php-5.3.3-14.el6_3.x86_64.rpm
php-bcmath-5.3.3-14.el6_3.x86_64.rpm
php-cli-5.3.3-14.el6_3.x86_64.rpm
php-common-5.3.3-14.el6_3.x86_64.rpm
php-dba-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-devel-5.3.3-14.el6_3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.x86_64.rpm
php-gd-5.3.3-14.el6_3.x86_64.rpm
php-imap-5.3.3-14.el6_3.x86_64.rpm
php-intl-5.3.3-14.el6_3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.x86_64.rpm
php-process-5.3.3-14.el6_3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.x86_64.rpm
php-recode-5.3.3-14.el6_3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.x86_64.rpm
php-soap-5.3.3-14.el6_3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.x86_64.rpm
php-xml-5.3.3-14.el6_3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm
php-zts-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

x86_64:
php-cli-5.3.3-14.el6_3.x86_64.rpm
php-common-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

x86_64:
php-5.3.3-14.el6_3.x86_64.rpm
php-bcmath-5.3.3-14.el6_3.x86_64.rpm
php-dba-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-devel-5.3.3-14.el6_3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.x86_64.rpm
php-gd-5.3.3-14.el6_3.x86_64.rpm
php-imap-5.3.3-14.el6_3.x86_64.rpm
php-intl-5.3.3-14.el6_3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.x86_64.rpm
php-process-5.3.3-14.el6_3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.x86_64.rpm
php-recode-5.3.3-14.el6_3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.x86_64.rpm
php-soap-5.3.3-14.el6_3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.x86_64.rpm
php-xml-5.3.3-14.el6_3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm
php-zts-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386:
php-5.3.3-14.el6_3.i686.rpm
php-cli-5.3.3-14.el6_3.i686.rpm
php-common-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-gd-5.3.3-14.el6_3.i686.rpm
php-ldap-5.3.3-14.el6_3.i686.rpm
php-mysql-5.3.3-14.el6_3.i686.rpm
php-odbc-5.3.3-14.el6_3.i686.rpm
php-pdo-5.3.3-14.el6_3.i686.rpm
php-pgsql-5.3.3-14.el6_3.i686.rpm
php-soap-5.3.3-14.el6_3.i686.rpm
php-xml-5.3.3-14.el6_3.i686.rpm
php-xmlrpc-5.3.3-14.el6_3.i686.rpm

ppc64:
php-5.3.3-14.el6_3.ppc64.rpm
php-cli-5.3.3-14.el6_3.ppc64.rpm
php-common-5.3.3-14.el6_3.ppc64.rpm
php-debuginfo-5.3.3-14.el6_3.ppc64.rpm
php-gd-5.3.3-14.el6_3.ppc64.rpm
php-ldap-5.3.3-14.el6_3.ppc64.rpm
php-mysql-5.3.3-14.el6_3.ppc64.rpm
php-odbc-5.3.3-14.el6_3.ppc64.rpm
php-pdo-5.3.3-14.el6_3.ppc64.rpm
php-pgsql-5.3.3-14.el6_3.ppc64.rpm
php-soap-5.3.3-14.el6_3.ppc64.rpm
php-xml-5.3.3-14.el6_3.ppc64.rpm
php-xmlrpc-5.3.3-14.el6_3.ppc64.rpm

s390x:
php-5.3.3-14.el6_3.s390x.rpm
php-cli-5.3.3-14.el6_3.s390x.rpm
php-common-5.3.3-14.el6_3.s390x.rpm
php-debuginfo-5.3.3-14.el6_3.s390x.rpm
php-gd-5.3.3-14.el6_3.s390x.rpm
php-ldap-5.3.3-14.el6_3.s390x.rpm
php-mysql-5.3.3-14.el6_3.s390x.rpm
php-odbc-5.3.3-14.el6_3.s390x.rpm
php-pdo-5.3.3-14.el6_3.s390x.rpm
php-pgsql-5.3.3-14.el6_3.s390x.rpm
php-soap-5.3.3-14.el6_3.s390x.rpm
php-xml-5.3.3-14.el6_3.s390x.rpm
php-xmlrpc-5.3.3-14.el6_3.s390x.rpm

x86_64:
php-5.3.3-14.el6_3.x86_64.rpm
php-cli-5.3.3-14.el6_3.x86_64.rpm
php-common-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-gd-5.3.3-14.el6_3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.x86_64.rpm
php-soap-5.3.3-14.el6_3.x86_64.rpm
php-xml-5.3.3-14.el6_3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386:
php-bcmath-5.3.3-14.el6_3.i686.rpm
php-dba-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-devel-5.3.3-14.el6_3.i686.rpm
php-embedded-5.3.3-14.el6_3.i686.rpm
php-enchant-5.3.3-14.el6_3.i686.rpm
php-imap-5.3.3-14.el6_3.i686.rpm
php-intl-5.3.3-14.el6_3.i686.rpm
php-mbstring-5.3.3-14.el6_3.i686.rpm
php-process-5.3.3-14.el6_3.i686.rpm
php-pspell-5.3.3-14.el6_3.i686.rpm
php-recode-5.3.3-14.el6_3.i686.rpm
php-snmp-5.3.3-14.el6_3.i686.rpm
php-tidy-5.3.3-14.el6_3.i686.rpm
php-zts-5.3.3-14.el6_3.i686.rpm

ppc64:
php-bcmath-5.3.3-14.el6_3.ppc64.rpm
php-dba-5.3.3-14.el6_3.ppc64.rpm
php-debuginfo-5.3.3-14.el6_3.ppc64.rpm
php-devel-5.3.3-14.el6_3.ppc64.rpm
php-embedded-5.3.3-14.el6_3.ppc64.rpm
php-enchant-5.3.3-14.el6_3.ppc64.rpm
php-imap-5.3.3-14.el6_3.ppc64.rpm
php-intl-5.3.3-14.el6_3.ppc64.rpm
php-mbstring-5.3.3-14.el6_3.ppc64.rpm
php-process-5.3.3-14.el6_3.ppc64.rpm
php-pspell-5.3.3-14.el6_3.ppc64.rpm
php-recode-5.3.3-14.el6_3.ppc64.rpm
php-snmp-5.3.3-14.el6_3.ppc64.rpm
php-tidy-5.3.3-14.el6_3.ppc64.rpm
php-zts-5.3.3-14.el6_3.ppc64.rpm

s390x:
php-bcmath-5.3.3-14.el6_3.s390x.rpm
php-dba-5.3.3-14.el6_3.s390x.rpm
php-debuginfo-5.3.3-14.el6_3.s390x.rpm
php-devel-5.3.3-14.el6_3.s390x.rpm
php-embedded-5.3.3-14.el6_3.s390x.rpm
php-enchant-5.3.3-14.el6_3.s390x.rpm
php-imap-5.3.3-14.el6_3.s390x.rpm
php-intl-5.3.3-14.el6_3.s390x.rpm
php-mbstring-5.3.3-14.el6_3.s390x.rpm
php-process-5.3.3-14.el6_3.s390x.rpm
php-pspell-5.3.3-14.el6_3.s390x.rpm
php-recode-5.3.3-14.el6_3.s390x.rpm
php-snmp-5.3.3-14.el6_3.s390x.rpm
php-tidy-5.3.3-14.el6_3.s390x.rpm
php-zts-5.3.3-14.el6_3.s390x.rpm

x86_64:
php-bcmath-5.3.3-14.el6_3.x86_64.rpm
php-dba-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-devel-5.3.3-14.el6_3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.x86_64.rpm
php-imap-5.3.3-14.el6_3.x86_64.rpm
php-intl-5.3.3-14.el6_3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.x86_64.rpm
php-process-5.3.3-14.el6_3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.x86_64.rpm
php-recode-5.3.3-14.el6_3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.x86_64.rpm
php-zts-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386:
php-5.3.3-14.el6_3.i686.rpm
php-cli-5.3.3-14.el6_3.i686.rpm
php-common-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-gd-5.3.3-14.el6_3.i686.rpm
php-ldap-5.3.3-14.el6_3.i686.rpm
php-mysql-5.3.3-14.el6_3.i686.rpm
php-odbc-5.3.3-14.el6_3.i686.rpm
php-pdo-5.3.3-14.el6_3.i686.rpm
php-pgsql-5.3.3-14.el6_3.i686.rpm
php-soap-5.3.3-14.el6_3.i686.rpm
php-xml-5.3.3-14.el6_3.i686.rpm
php-xmlrpc-5.3.3-14.el6_3.i686.rpm

x86_64:
php-5.3.3-14.el6_3.x86_64.rpm
php-cli-5.3.3-14.el6_3.x86_64.rpm
php-common-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-gd-5.3.3-14.el6_3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.x86_64.rpm
php-soap-5.3.3-14.el6_3.x86_64.rpm
php-xml-5.3.3-14.el6_3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm

i386:
php-bcmath-5.3.3-14.el6_3.i686.rpm
php-dba-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-devel-5.3.3-14.el6_3.i686.rpm
php-embedded-5.3.3-14.el6_3.i686.rpm
php-enchant-5.3.3-14.el6_3.i686.rpm
php-imap-5.3.3-14.el6_3.i686.rpm
php-intl-5.3.3-14.el6_3.i686.rpm
php-mbstring-5.3.3-14.el6_3.i686.rpm
php-process-5.3.3-14.el6_3.i686.rpm
php-pspell-5.3.3-14.el6_3.i686.rpm
php-recode-5.3.3-14.el6_3.i686.rpm
php-snmp-5.3.3-14.el6_3.i686.rpm
php-tidy-5.3.3-14.el6_3.i686.rpm
php-zts-5.3.3-14.el6_3.i686.rpm

x86_64:
php-bcmath-5.3.3-14.el6_3.x86_64.rpm
php-dba-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-devel-5.3.3-14.el6_3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.x86_64.rpm
php-imap-5.3.3-14.el6_3.x86_64.rpm
php-intl-5.3.3-14.el6_3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.x86_64.rpm
php-process-5.3.3-14.el6_3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.x86_64.rpm
php-recode-5.3.3-14.el6_3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.x86_64.rpm
php-zts-5.3.3-14.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2950.html
https://www.redhat.com/security/data/cve/CVE-2011-4153.html
https://www.redhat.com/security/data/cve/CVE-2012-0057.html
https://www.redhat.com/security/data/cve/CVE-2012-0781.html
https://www.redhat.com/security/data/cve/CVE-2012-0789.html
https://www.redhat.com/security/data/cve/CVE-2012-1172.html
https://www.redhat.com/security/data/cve/CVE-2012-2143.html
https://www.redhat.com/security/data/cve/CVE-2012-2336.html
https://www.redhat.com/security/data/cve/CVE-2012-2386.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2012-0546.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6yxRXlSAg2UNWIIRAqlmAKCLhNreR9eJ9DMLQgGynQ 1AR57OhwCeNCjP
5dEIaw64iUF1AYJgb6tOHK0=
=KioB
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
